CCNA Discovery 3 Chapter 8 Reading Organizer


Name
Date
Chapter 8 Reading Organizer
After completion of this chapter, you should be able to:
Describe traffic filtering and explain how Access Control Lists (ACLs) can filter traffic at router interfaces.
Analyze the use of wildcard masks.
Configure and implement ACLs.
Create and apply ACLs to control specific types of traffic.
Log ACL activity and integrate ACL best practices.
1. What is Traffic Filtering?
2. Packet filtering can be simple or complex, denying or permitting traffic based on what network elements?
3. How does traffic filtering improve network performance?
4. What devices are most commonly used to provide traffic filtering?
5. The primary use of Access Control Lists is to identify the to or.
6. ACLs identify traffic for multiple uses such as:

7. What are some potential problems that can result from using ACLs?
8. There are three types of ACLs:
9.
a. The ACL is the simplest of the three types. When creating a IP ACL, the ACLs filter based on the IP address of a packet. ACLs permit or deny based on the, such as. So, if a host device is denied by a ACL, all services from that host are denied. This type of ACL is useful for allowing all services from a specific user, or LAN, access through a router while denying other IP addresses access. ACLs are identified by the number assigned to them. For access lists permitting or denying IP traffic, the identification number can range from to and from to.
b. ACLs filter not only on the source IP address but also on the IP address,, and numbers. ACLs are used more than Standard ACLs because they are more specific and provide greater control. The range of numbers for ACLs is from to and from to.
c. ACLs (NACLs) are either Standard or Extended format that are referenced by a descriptive rather than a number. When configuring ACLs, the router IOS uses a subcommand mode.

10. What is always at the end of an ACL? What is the result of an ACL that does not have at least one permit statement? Explain:
11. After an ACL is created, what else must be done for it to become effective?
12. Explain how an ACL can be applied in either an inbound or outbound direction:
13. When a packet arrives at an interface, what parameters does a router check?
14.

15.
16. When creating an ACL, what two special parameters can be used in place of a wildcard mask?
17. To filter a single, specific host, use either the wildcard mask after the IP address or the prior to the IP address.
18. To filter all hosts, use the all 1s parameter by configuring a wildcard mask of. Another way to filter all hosts is to use the parameter.
19. Explain the purpose and practice of using a permit any statement as the last statement in an ACL:

20.
21. List the steps involved in planning the creation and placement of access control lists:
22. It is important to place standard ACLs as close to the as possible. Explain:
23. Explain when to use an extended ACL:

24. Place an Extended ACL close to the address. Explain why:
25. Place ACLs on routers in either the or Layer. Why?
26. Why is the inbound access control list more efficient for the router than an outbound access list?
27. List ACL processing and creation guidelines:
28. What are the two steps to configuring an access control list?
29. Why should you plan the ACL so that the more specific requirements appear before more general ones?

30. List and EXPLAIN ACL commands that evaluate the proper syntax, order of statements, and placement on interfaces:
31. Explain why it is often recommended to create ACLs in a text editor:
Lab 8.3.3: Configuring and Verifying Standard ACLs
32. What are some ways to minimize statements and reduce the processing load of the router?
Lab 8.3.4: Planning, Configuring and Verifying Extended ACLs
Packet Tracer 8.3.5: Configuring and Verifying Standard Named ACLs
Lab 8.3.5: Configuring and Verifying Extended Named ACLs
33. What is the reason for applying an ACL to a router's vty (telnet or ssh) ports?

34. What different command is used when applying the ACL to a VTY line instead of using the ip access-group command?
35. What guidelines should be followed when configuring access lists on VTY lines?
Lab 8.3.6: Configuring and Verifying VTY Restrictions
Packet Tracer 8.3.6: Planning, Configuring and Verifying Standard, Extended and Named ACLs
36. Extended ACLs filter on and IP addresses. It is often desirable to filter on even more specific packet details. OSI Layer 3, Layer 4 and provide this capability.
37. Some of the protocols available to use for filtering include:
38. If neither the port number nor the name is known for an application, what are some steps for locating that information?
39. Explain how ACLs deal with applications that have multiple port numbers, such as FTP or email traffic:

Packet Tracer 8.4.1: Configuring and Verifying Extended ACLs to Filter on Port Numbers
40. Explain the purpose of the ACL statement: access-list 101 permit tcp any any established
41. Define Stateful Packet Inspection:
42. Explain the purpose of the keywords echo-reply and unreachable in an ACL:

43.

44. How may implementing NAT and PAT create a problem when planning ACLs?
Lab 8.4.3: Configuring an ACL with NAT
45. Administrators need to examine the ACL, one line at a time, and answer the following questions:
46. When evaluating an Extended ACL, it is important to remember these key points:
47.

48. When routing between VLANs in a network, it is sometimes necessary to control traffic from one VLAN to another using ACLs. What are the differences in the rules and guidelines for creation and application of ACLs on VLANs and on router subinterfaces as opposed to physical interfaces?
Lab 8.4.5: Configuring and Verifying ACLs to filter Inter-VLAN Traffic
Packet Tracer 8.4.5: Configuring and Verifying Extended ACLs with a DMZ
49. How does the information gained from the show access-list command differ from adding the log parameter to the end of an individual ACL statement?
50. Why should you use logging for a short time only to complete testing of the ACL?
51. ACL logging generates an informational message that contains:
52. To turn off logging, use:
53. To turn off all debugging, use:
54. To turn off specific debugging, such as ip packet, use:
Lab 8.5.1: Configuring ACLs and Verifying with Console Logging
55. Why should you configure a router to send logging, or syslog messages, to an external server?