Skip to main content

ACCESS CONTROLL LIST (ACL)

 

WHAT IS ACL

1. ACL IS USED TO  NETWORK TRAFFIC. FILTER ACL BLOCK A ANY CLIENT AND ANY PC.

2. ACL USED TO FILTER THE TRAFFIC IN NETWORK INFRASTRUCRED.

3. FILTER TRANSMISSION (FULL DUPLEX AND HALF DUPLEX).

4. REDUCE THE NETWORK TRAFFIC.

5. CONTROLL ACCESSING (AUTHRIZED AND UNUTHERIZED).

6. NETWORK ADMIN CAN BLOCK THE HACKER ON UNKNOWN ACCESSING.

7. PREVENT INFRASTRUCURE FROM HACKER ATTACK.

8. ACL IS A SET OF RULES WHICH WILL ALLOW OR DENY THE SPECIFIC TRAFFIC MOVING THROUGH THE ROUTER.

9. IT IS A LAYER 3 SECURITY WHICH CONTROLL THE FLOW OF TRAFFIC FROM ONE ROUTER TO ANOTHER ROUTER.

10. IT IS ALSO CALLED A "PACKET FILTERING FIREWALL".

ACL LEVEL

1. STANDERD ACL 

1. USED TO FILTER SOURCE SIDE INFRASTRUCURE ONLY.

2.  APPLY IS NEAREST TO THE DESTINATION.

3. (0-99 OR 1300-1999)

2. EXTANDERD ACL 

1. USED TO FILTER SOURCE SIDE AS WELL AS RECIEVER SIDE ALSO.

2. APPLY IS NEAREST TO THE SOURCE.

3. (100-199 OR 2000-2699) 

TYPES OF ACL

NUMBERED ACL

WE CAN USE SPECIFIC NUMBER TO APPLY THE ACL.

NAMED ACL

WE CAN USE  NAMED TO APPLY THIS.

DIFFERENT B/W STANDERD AND EXTENDED ACL


_____________

CONFIGURATION  EXTANDED ACL

STEP 1

1. FIRST OF ALL CONFIGURE IP ADDRESS IN ALL DEVICES.

2. CONFIGURATION RIP PROTOCOL IN R1, R2 AND R3.

STEP 2

1. CHECK CONNECTIVITY BETWEEN ALL DEVICES.

2. CONFIGURATION ACL IN R1.

_____________

STEP 1


1. GO TO R1 CONFIGURATION MODE AND ENTER COMMANDS FOR ASSIGN IP ADDRESS.

Router(config)# hostname R1
R1(config)# inter gig0/1
R1(config)# ip address 1.1.1.1 255.0.0.0
R1(config)#  no sh
R1(config)#  inter gig0/0
R1(config)#  ip address 192.168.1.1 255.255.255.0
R1(config)#  no sh

GO TO R2 CONFIGURATION MODE AND ENTER COMMANDS FOR ASSIGN IP ADDRESS.

Router(config)# hostname R2
R2(config)# inter gig0/0
R2(config)# ip address 1.1.1.2 255.0.0.0
R2(config)#  no sh
R2(config)#  inter gig0/2
R2(config)#  ip address 172.165.1.1 255.255.0.0
R2(config)#  no sh
R2(config)# inter gig0/1
R2(config)# ip address 2.2.2.1 255.0.0.0
R2(config)#  no sh

GO TO R3 CONFIGURATION MODE AND ENTER COMMANDS FOR ASSIGN IP ADDRESS.

Router(config)# hostname R3
R3(config)# inter gig0/0
R3(config)# ip address 2.2.2.2 255.0.0.0
R3(config)#  no sh
R3(config)#  inter gig0/1
R3(config)#  ip address 200.200.200.1 255.255.255.0
R1(config)#  no sh

ASSIGN IP ADDRESS IN SERVER , LAPTOP AND PC'S.

___________

CONFIGURATION RIP PROTOCOL

2. GO TO R1 CONFIGURATION MODE AND ENTER COMMANDS FOR RIP CONFIGURE.

R1(config)# router rip
R1(config)# network 192.168.1.0
R1(config)#  network 1.1.1.0

GO TO R2 CONFIGURATION MODE AND ENTER COMMANDS.

R2(config)# router rip
R2(config)# network 172.165.0.0
R2(config)#  network 1.1.1.0
R2(config)#  network 2.2.2.0

GO TO R3 CONFIGURATION MODE AND ENTER COMMANDS  FOR RIP CONFIGURE.

R3(config)# router rip
R3(config)# network 200.200.200.0
R3(config)#  network 2.2.2.0

R1 AND R2 AND R3 ENABLE MODE AND ENTER COMMAND  FOR RIP CONFIGURE.

#sh ip rip database

_______________

CONFIGURATION ACL

STEP 2

GO TO R1 CONFIGURATION MODE AND ENTER COMMANDS FOR ACL CONFIGURATION.

R1(config)#  access-list 101 deny tcp host 172.165.1.5 host 192.168.1.50 eq ftp

R1(config)#  access-list 101 deny tcp host 200.200.200.5 host 192.168.1.50 eq www

R1(config)#  access-list 101 deny icmp host 172.165.1.10 host 192.168.1.50

R1(config)#  access-list 101 permit ip any any

R1(config)#  inter gig0/0

R1(config)#  ip access-group 101 out


GO TO ENABLE MODE AND ENTER COMMAND.


R1#  sh access-lists 101

YOU SEE IT IS TELLING ALL ABOUT WHICH SERVICE IS BLOCKED FOR WHICH IP ADDRESS.

AFTER THAT YOU HAVE TO GO TO PCS AND LAPTOP AND CHECK IF ACL IS CONFIGURED OR NOT.

GO TO PC1 AND CHECK FTP BLOCKED OR NOT.

GO DESKTOP AND ENTER TWO COMMANDS

FIRST IS :  C:\>PING 192.168.1.50

SECOND IS : C:\>FTP 192.168.1.50

YOU CAN SEE THAT THE PC IS COMMUNICATING WITH THE SERVER, SERVER  REPLY FROM PC, BUT WE HAVE BLOCKED THE FTP SERVER FOR THAT. SO FTP SERVER DISSCONNECTING PC.

SIMILARLY YOU CAN ALSO CHECK THE ACL CONFIGURATION BY GOING TO PC2 AND LAPTOP TO SEE IF SERVICES ARE ACTUALLY BLOCKED FOR THEM.OR NOT.

GO TO PC2 DESKTOP AND ENTER TWO COMMANDS.

FIRST IS :  C:\>PING 192.168.1.50

SECOND IS : C:\>FTP 192.168.1.50



___________________


Comments

Post a Comment

Popular posts from this blog

TCP/IP MODEL

  HISTORY OF TCP/IP MODEL THE TCP/IP MODEL WAS DEVELOPED BY VINT CERF AND BOB KAHN IN THE 1970S. THEY WERE BOTH WORKING AT THE DEFENSE ADVANCED RESEARCH PROJECTS AGENCY (DARPA) AT THE TIME. Vint Cerf And Bob Kahn CERF AND KAHN WERE TASKED WITH DEVELOPING A NEW NETWORK PROTOCOL THAT WOULD BE MORE RELIABLE AND EFFICIENT THAN THE EXISTING PROTOCOLS. THEY CAME UP WITH THE IDEA OF USING A LAYERED APPROACH, WHICH WOULD ALLOW EACH LAYER TO FOCUS ON A SPECIFIC TASK. THIS LED TO THE DEVELOPMENT OF THE TCP/IP MODEL, WHICH IS STILL THE BASIS FOR HOW DATA IS TRANSMITTED OVER THE INTERNET TODAY. CERF AND KAHN ARE OFTEN REFERRED TO AS THE "FATHERS OF THE INTERNET" FOR THEIR WORK ON THE TCP/IP MODEL. THEY WERE INDUCTED INTO THE NATIONAL INVENTORS HALL OF FAME IN 2004 FOR THEIR CONTRIBUTIONS TO THE DEVELOPMENT OF THE INTERNET. HERE ARE SOME OTHER NOTABLE PEOPLE WHO CONTRIBUTED TO THE DEVELOPMENT OF THE TCP/IP MODEL: JON POSTEL: POSTEL WAS THE FIRST CHAIRMAN OF THE INTERNET ENGINEERI...
Post a Comment
Read more

About Me Information

HELLO FRIENDS, I HOPE YOU ALL ARE DOING WELL. I AM MAKING THIS BLOG FOR THE INFORMATION OF NETWORKING ABOUT. IN THIS BLOG WE WILL READ CCNA (200-301) AND ITS RELATED AND NETWORK RELATED INFORMATION. MY NAME IS ABDUL MANAN JAVED MANJ MY AGE IS 21 YEAR    I AM STUDED ABOUT NETWORK  TECHNOLOGY EMAIL ID : mananrajpoot449@gmail.com CONTACT NO : +923486777628 ADDRESS : ISLAMABAD,G7,KHADA MARKET My Website   My Facebook Account My Facebook Page My Linkedin Profile _____________________________ CONTENT ABOUT  HIS BLOGG 1.  Computer Network 2.   What Is Internet 3.   Network Architecture 4.  Osi Refrence Model 5.  Operating System 6.  Internet Protocol (Ip) 7.  Internet Protocol Types 8.   Port Number 9.  Mac-Address 10.    WHAT IS HUB 11.   WHAT IS SWITCH 12.   WHAT IS ROUTER 13.   WHAT IS NETWORK 14.   NETWORK CABLES 15.   ROUTING 16.  Data Transmission 17...
Post a Comment
Read more

Internet Protocol (IP) Address

  IP ADDRESS IT IS A UNIQUE ADDRESS THAT WE CAN ASSIGN TO DEVICE .SO THAT DEVICECAN COMMUNICATE WITH EACH OTHER. WE CANNAOT ASSIGN SAME IP ADDRESS IN ANY TWO DEVICES IN OUR NETWORK. IF WE WILL DO THIS THEN IT WILL BE  CAUSE A CONFLICT ERROR. TWO VERSION OF IP ADDRESS: 1: IPV4 ; 2: IPV6 ; IPV4 32 BITS AND IPV6 128 BITS. AN IP ADDRESS, OR INTERNET PROTOCOL ADDRESS, IS A SERIES OF NUMBERS THAT IDENTIFIES ANY DEVICE ON A NETWORK.  COMPUTERS USE IP ADDRESSES TO COMMUNICATE WITH EACH OTHER BOTH OVER THE INTERNET AS WELL AS ON OTHER NETWORKS. TO FIND THE IP ADDRESS CLASS WE NEED TO LOOK AT THE FIRST DIGIT OF THE IP ADDRESS. AND BY LOOKING AT THE FIRST DIGIT, WE CAN GUESS THE SUBNET MASK TO WHICH CLASS IT BELONGS. CLASS A IP ADDRESS SUBNET MASK 255.0.0.0 CLASS B IP ADDRESS SUBNET MASK  255.255.0.0  CLASS C IP ADDRESS SUBNET MASK 255.255.255.0 IANA TABLE IP RANGES                 IANA   ( Internet Assigned Numbers Au...
Post a Comment
Read more