Access List

From NesevoWiki
Jump to navigationJump to search

Definition:

With an Access Control List can access individual computers or networks to other networks or computer regulate or prohibit. For instance, you can just say that computer1 can't send http packages with the result that he can not connect to the Internet, but you can futuremore communicate and exchange data with other computers.

ACL Nummern:

1.. 99 Standard Acl

100..199 extended ACL

600..699 AppleTalk ACL

700..799 standard ACL für MAC Adressen

800..899 IPX- ACL

900..999 extended ACL

1000..1099 IPX Service Advertising Protocol

Build- up

The syntax of a standrd Access List is following built:

access-list <number> permit|deny <return address> <Wildcard- Mask>

The syntax of a extended Access List is following built:

access-list <number> <Protocol for example tcp> <return address> <Wildcard Mask> <destination address> <Wildcard Mask> <lt|eq> <port>

Example:


Standard Access List:


Access-list 1 permit 192.168.2.1 0.0.0.255

You can interpret this syntax following: The access list with the number 1 will allow all IP- adresses in the range of 192.168.2.x and the Router will send them.

Access-list 1 deny 192.168.2.1 0.0.0.255

You can interpret this syntax following: The access list with the number 1 will deny all IP- adresses in the range of 192.168.2.x and the Router will reject them.



Extandet Access List:


Access-list 101 permit tcp 192.168.2.1 0.0.0.255 192.168.100.1 0.0.0.255 eq 80

You can interpret this syntax following: The access list with the number 101 will allow all HTTP pacets with a return address in the range of 192.168.2.x and the destination address in the range of 192.168.100.x and the router will send them.



Access-list 101 deny tcp any 192.168.100.1 0.0.0.255 eq 23

You can interpret this syntax following: The access list with the number 101 will deny all Telnet pacets with anything IP-address, if the destination address is 192.168.100.1



Access-List zuordnen:

Router(config)#int fa 0/0 

  To join the interfacemode



Router(config-if)#ip access-group 1 out 

 You will configure that no frame can leave the destination net



Router(config)#int fa 1/0 

  You will join into the interface Fast Ethernet 1/0



Router(config-if)#ip access-group 101 in 

  You will configurwe that no frame can leave the owne net



attachment:

exercise Access Control List

Retrieved from "http://wiki.nesevo.com/index.php?title=Access_List&oldid=484"