Skip to main content

ACCESS CONTROLL LIST (ACL)

 

WHAT IS ACL

1. ACL IS USED TO  NETWORK TRAFFIC. FILTER ACL BLOCK A ANY CLIENT AND ANY PC.

2. ACL USED TO FILTER THE TRAFFIC IN NETWORK INFRASTRUCRED.

3. FILTER TRANSMISSION (FULL DUPLEX AND HALF DUPLEX).

4. REDUCE THE NETWORK TRAFFIC.

5. CONTROLL ACCESSING (AUTHRIZED AND UNUTHERIZED).

6. NETWORK ADMIN CAN BLOCK THE HACKER ON UNKNOWN ACCESSING.

7. PREVENT INFRASTRUCURE FROM HACKER ATTACK.

8. ACL IS A SET OF RULES WHICH WILL ALLOW OR DENY THE SPECIFIC TRAFFIC MOVING THROUGH THE ROUTER.

9. IT IS A LAYER 3 SECURITY WHICH CONTROLL THE FLOW OF TRAFFIC FROM ONE ROUTER TO ANOTHER ROUTER.

10. IT IS ALSO CALLED A "PACKET FILTERING FIREWALL".

ACL LEVEL

1. STANDERD ACL 

1. USED TO FILTER SOURCE SIDE INFRASTRUCURE ONLY.

2.  APPLY IS NEAREST TO THE DESTINATION.

3. (0-99 OR 1300-1999)

2. EXTANDERD ACL 

1. USED TO FILTER SOURCE SIDE AS WELL AS RECIEVER SIDE ALSO.

2. APPLY IS NEAREST TO THE SOURCE.

3. (100-199 OR 2000-2699) 

TYPES OF ACL

NUMBERED ACL

WE CAN USE SPECIFIC NUMBER TO APPLY THE ACL.

NAMED ACL

WE CAN USE  NAMED TO APPLY THIS.

DIFFERENT B/W STANDERD AND EXTENDED ACL


_____________

CONFIGURATION  EXTANDED ACL

STEP 1

1. FIRST OF ALL CONFIGURE IP ADDRESS IN ALL DEVICES.

2. CONFIGURATION RIP PROTOCOL IN R1, R2 AND R3.

STEP 2

1. CHECK CONNECTIVITY BETWEEN ALL DEVICES.

2. CONFIGURATION ACL IN R1.

_____________

STEP 1


1. GO TO R1 CONFIGURATION MODE AND ENTER COMMANDS FOR ASSIGN IP ADDRESS.

Router(config)# hostname R1
R1(config)# inter gig0/1
R1(config)# ip address 1.1.1.1 255.0.0.0
R1(config)#  no sh
R1(config)#  inter gig0/0
R1(config)#  ip address 192.168.1.1 255.255.255.0
R1(config)#  no sh

GO TO R2 CONFIGURATION MODE AND ENTER COMMANDS FOR ASSIGN IP ADDRESS.

Router(config)# hostname R2
R2(config)# inter gig0/0
R2(config)# ip address 1.1.1.2 255.0.0.0
R2(config)#  no sh
R2(config)#  inter gig0/2
R2(config)#  ip address 172.165.1.1 255.255.0.0
R2(config)#  no sh
R2(config)# inter gig0/1
R2(config)# ip address 2.2.2.1 255.0.0.0
R2(config)#  no sh

GO TO R3 CONFIGURATION MODE AND ENTER COMMANDS FOR ASSIGN IP ADDRESS.

Router(config)# hostname R3
R3(config)# inter gig0/0
R3(config)# ip address 2.2.2.2 255.0.0.0
R3(config)#  no sh
R3(config)#  inter gig0/1
R3(config)#  ip address 200.200.200.1 255.255.255.0
R1(config)#  no sh

ASSIGN IP ADDRESS IN SERVER , LAPTOP AND PC'S.

___________

CONFIGURATION RIP PROTOCOL

2. GO TO R1 CONFIGURATION MODE AND ENTER COMMANDS FOR RIP CONFIGURE.

R1(config)# router rip
R1(config)# network 192.168.1.0
R1(config)#  network 1.1.1.0

GO TO R2 CONFIGURATION MODE AND ENTER COMMANDS.

R2(config)# router rip
R2(config)# network 172.165.0.0
R2(config)#  network 1.1.1.0
R2(config)#  network 2.2.2.0

GO TO R3 CONFIGURATION MODE AND ENTER COMMANDS  FOR RIP CONFIGURE.

R3(config)# router rip
R3(config)# network 200.200.200.0
R3(config)#  network 2.2.2.0

R1 AND R2 AND R3 ENABLE MODE AND ENTER COMMAND  FOR RIP CONFIGURE.

#sh ip rip database

_______________

CONFIGURATION ACL

STEP 2

GO TO R1 CONFIGURATION MODE AND ENTER COMMANDS FOR ACL CONFIGURATION.

R1(config)#  access-list 101 deny tcp host 172.165.1.5 host 192.168.1.50 eq ftp

R1(config)#  access-list 101 deny tcp host 200.200.200.5 host 192.168.1.50 eq www

R1(config)#  access-list 101 deny icmp host 172.165.1.10 host 192.168.1.50

R1(config)#  access-list 101 permit ip any any

R1(config)#  inter gig0/0

R1(config)#  ip access-group 101 out


GO TO ENABLE MODE AND ENTER COMMAND.


R1#  sh access-lists 101

YOU SEE IT IS TELLING ALL ABOUT WHICH SERVICE IS BLOCKED FOR WHICH IP ADDRESS.

AFTER THAT YOU HAVE TO GO TO PCS AND LAPTOP AND CHECK IF ACL IS CONFIGURED OR NOT.

GO TO PC1 AND CHECK FTP BLOCKED OR NOT.

GO DESKTOP AND ENTER TWO COMMANDS

FIRST IS :  C:\>PING 192.168.1.50

SECOND IS : C:\>FTP 192.168.1.50

YOU CAN SEE THAT THE PC IS COMMUNICATING WITH THE SERVER, SERVER  REPLY FROM PC, BUT WE HAVE BLOCKED THE FTP SERVER FOR THAT. SO FTP SERVER DISSCONNECTING PC.

SIMILARLY YOU CAN ALSO CHECK THE ACL CONFIGURATION BY GOING TO PC2 AND LAPTOP TO SEE IF SERVICES ARE ACTUALLY BLOCKED FOR THEM.OR NOT.

GO TO PC2 DESKTOP AND ENTER TWO COMMANDS.

FIRST IS :  C:\>PING 192.168.1.50

SECOND IS : C:\>FTP 192.168.1.50



___________________


Comments

Post a Comment

Popular posts from this blog

About Me Information

HELLO FRIENDS, I HOPE YOU ALL ARE DOING WELL. I AM MAKING THIS BLOG FOR THE INFORMATION OF NETWORKING ABOUT. IN THIS BLOG WE WILL READ CCNA (200-301) AND ITS RELATED AND NETWORK RELATED INFORMATION. MY NAME IS ABDUL MANAN JAVED MANJ MY AGE IS 21 YEAR    I AM STUDED ABOUT NETWORK  TECHNOLOGY EMAIL ID : mananrajpoot449@gmail.com CONTACT NO : +923486777628 ADDRESS : ISLAMABAD,G7,KHADA MARKET My Website   My Facebook Account My Facebook Page My Linkedin Profile _____________________________ CONTENT ABOUT  HIS BLOGG 1.  Computer Network 2.   What Is Internet 3.   Network Architecture 4.  Osi Refrence Model 5.  Operating System 6.  Internet Protocol (Ip) 7.  Internet Protocol Types 8.   Port Number 9.  Mac-Address 10.    WHAT IS HUB 11.   WHAT IS SWITCH 12.   WHAT IS ROUTER 13.   WHAT IS NETWORK 14.   NETWORK CABLES 15.   ROUTING 16.  Data Transmission 17...
Post a Comment
Read more

CSST COURSE 1.0

Q1. WHAT IS A ADDRESSING. Network addressing is like a two-part delivery system:   Logical Addressing (IP): This is like your permanent address (e.g., 192.168.1.1) that lets data find your device anywhere on the internet. Physical Addressing (MAC): Think of this as a unique ID for your device's network card (AA:BB:CC:DD:EE:FF) used for local delivery within your network. Q2. WHAT IS A PACKET AND FRAME . Packets: Layer: Network Layer (Layer 3) Content: The actual data you want to send, like an email, a video, or website information. Addressing: Contains logical addresses (IP addresses) to identify the sender and receiver on the network. Size: Can vary depending on the data type, but generally larger than frames. Travels across networks: Packets can travel across different networks, like the internet, as they are routed based on IP addresses. Frames: Layer: Data Link Layer (Layer 2) Content: The packet wrapped with additional information for local deliver...
Post a Comment
Read more

DOS AND DDOS ATTACK

A Dos (Denial-Of-Service) Attack and A DDOS (Distributed Denial-Of-Service) Attack Are Both Attempts to Make a Computer System or Network Resource Unavailable to Legitimate Users. However, They Differ in How They Achieve This: Dos Attack: Imagine A Single Person Throwing Rocks at A Castle Gate. A This Person Represents the Attacker, And the Rocks Represent the Malicious Traffic. The Castle Gate Represents the Target System or Network Resource. The Attacker Keeps Throwing Rocks, Trying to Overwhelm the Gate's Defenses and Gain Entry. Dos Attacks Are Typically Launched from A Single System. They Can Be Effective Against Small Systems or Networks, But Larger Systems Can Often Withstand Them. DDos Attack: Imagine An Army Throwing Rocks at A Castle Gate. This Army Represents the Attacker, And the Rocks Represent the Malicious Traffic. The Castle Gate Represents the Target System or Network Resource. The Attackers Coordinate Their Attack, Throwing Rocks from Multiple Directions at Once. ...
Post a Comment
Read more