5 For example, RouterA can use an access list to deny access from Network 4 to Network 1; both networks are shown in Fig
6 With the following conceptual syntax, you create the standard access list to block access from Network 4 to Network 1:
access list 1 deny Network 4
access list 1 permit any
7 If you wanted to deny traffic from Network 3 and Network 4, the access list conceptual syntax is:
access list 1 deny Network 3
access list 1 deny Network 4
access list 1 permit any
8 IP Access Lists: IP Standard Access, IP Extended Access
9 IP Standard Access Control Lists (ACL) Concepts For example, we assume that Bob is not allowed to access Server1, but Larry is.
10 IP Standard Access Lists ( ) Filtering logic could be configured on any of the three routers and on any of their interfaces.
11 Here are some key features of Cisco access lists: Packets can be filtered as they enter an interface, before the routing decision. Packets can be filtered before they exit an interface, after the routing decision.
12 Here are some key features of Cisco access lists: (cont.) Deny implies that the packets will be filtered. Permit implies that the packets will not be filtered.
13 Here are some key features of Cisco access lists: (cont.) The filtering logic is configured in the access list. At the end of every access list is an implied "deny all traffic" statement.
14 Access lists have two major steps in their logic: matching and action. So the access list for preventing Bob's traffic to the server might go something like: Look for packets with Bob's source IP address and Server1's destination IP address. When you see them, discard them. If you see any other packets, do not discard them.
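The matching and action steps, together with the implied deny at the end of every list, can be modelled in a few lines. This is an added example, not part of the original slides; it goes slightly beyond the slide by also showing that the first matching entry decides, so entry order matters. The addresses for Bob and Larry are constructed, and the helper names are hypothetical.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_standard_acl(text):
    """Parse 'access-list N permit|deny any | host A | A [W]' lines."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL entry: {line!r}")
        if not 1 <= int(tok[1]) <= 99:
            raise ValueError("standard IP access lists use numbers 1-99")
        src = tok[3:]
        if src == ["any"]:
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif src[0] == "host" and len(src) == 2:
            addr, wild = src[1], "0.0.0.0"
        elif len(src) <= 2:
            addr, wild = src[0], (src[1] if len(src) == 2 else "0.0.0.0")
        else:
            raise ValueError(f"unexpected source field: {line!r}")
        entries.append((tok[2], _ip(addr), _ip(wild)))
    return entries

def evaluate(entries, src_ip):
    """Return (action, entry number); entry None means the implied deny fired."""
    src = _ip(src_ip)
    for n, (action, addr, wild) in enumerate(entries, 1):
        care = ~wild & 0xFFFFFFFF          # wildcard 0 bits are compared
        if src & care == addr & care:
            return action, n               # first match decides, later lines are skipped
    return "deny", None

# Constructed addresses: Bob = 10.1.1.1, Larry = 10.1.1.2, same /24.
GOOD = parse_standard_acl("""
access-list 1 deny host 10.1.1.1
access-list 1 permit 10.1.1.0 0.0.0.255
""")
# Same intent, wrong order: the broad permit shadows the deny for Bob.
SHADOWED = parse_standard_acl("""
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 deny host 10.1.1.1
""")

if __name__ == "__main__":
    for ip in ("10.1.1.1", "10.1.1.2", "10.9.9.9"):
        print(ip, evaluate(GOOD, ip), evaluate(SHADOWED, ip))
```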
15 IP Standard Access Lists ( ) 1~99
16 IP Standard Access Lists ( ) access-list access-list-number [permit | deny] source [source wildcard mask]
17 IP Standard Access Lists ( ) ip access-group access-list-number [in | out]
18 IP Standard Access Lists ( ) Source address Wildcard Mask Wildcard Mask 0 don't care 1 need match
23 Wildcard mask examples Consider the IP addresses and wildcard mask shown in Table 1.
24 Wildcard mask examples (cont.) An access-list that states access-list 1 permit will allow traffic from any odd-numbered subnet to pass.
25 Wildcard mask examples (cont.)
26 Wildcard mask examples (cont.)
27 Wildcard mask Eg. 1: The following example tells the router to match the first three octets exactly but the fourth octet can be anything. access-list 10 deny
28 Wildcard mask Eg. 2: The following example tells the router to match the first two octets and that the last two octets can be anything. access-list 10 deny
29 Wildcard mask Eg. 3: The following example tells the router to start at network and use a block size of 4. The blocking range would then be through access-list deny
30 Wildcard mask Eg. 4: The example shows an access list starting at network and going up a block size of 8 to access-list 10 deny
31 Wildcard mask Eg. 5: The following example starts at network and goes up a block size of 32 to access-list 10 deny
32 Wildcard mask Eg. 6: The last example starts at network and goes up a block size of 64 to access-list 10 deny
33 Wildcard mask Please keep in mind when working with block size and wildcards: Each block size must start at 0 or a multiple of the block size.
34 Wildcard mask For example, you can't say that you want a block size of 8 and then start at 12. You must use 0-7, 8-15, 16-23, etc. For a block size of 32, the ranges are 0-31, 32-63,
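The block-size rule can be checked mechanically before a line is pasted into a router. The following is an added example, not from the original slides: it derives the wildcard mask for a block, rejects a start value that is not 0 or a multiple of the block size, and applies the IOS matching rule (a 0 bit in the wildcard is compared, a 1 bit is ignored), including a non-contiguous mask that selects odd-numbered subnets. All addresses are constructed and the function names are hypothetical.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def block_wildcard(start, block_size, octet):
    """Wildcard mask for `block_size` consecutive values of `octet` (1-4),
    starting at `start`; octets to the right of it are ignored entirely."""
    if not 1 <= block_size <= 256 or block_size & (block_size - 1):
        raise ValueError("block size must be a power of two (4, 8, 32, 64, ...)")
    octets = [int(o) for o in str(ipaddress.IPv4Address(start)).split(".")]
    if octets[octet - 1] % block_size:
        raise ValueError(f"{octets[octet - 1]} is not 0 or a multiple of {block_size}")
    if any(octets[octet:]):
        raise ValueError("octets right of the block octet must be 0")
    mask = [0] * (octet - 1) + [block_size - 1] + [255] * (4 - octet)
    return ".".join(map(str, mask))

def wildcard_match(packet_ip, base, wildcard):
    """IOS rule: a 0 bit in the wildcard is compared, a 1 bit is ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return _ip(packet_ip) & care == _ip(base) & care

def block_range(base, wildcard):
    """First and last address covered by a contiguous wildcard block."""
    lo = _ip(base)
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(lo | _ip(wildcard)))

if __name__ == "__main__":
    # Constructed sample values (not from the slides).
    w = block_wildcard("172.16.8.0", 8, 3)
    print("access-list 10 deny 172.16.8.0", w, "covers", block_range("172.16.8.0", w))
    try:
        block_wildcard("172.16.12.0", 8, 3)      # block of 8 cannot start at 12
    except ValueError as e:
        print("rejected:", e)
    # Non-contiguous mask: only the low bit of octet 3 is compared -> odd subnets.
    for ip in ("172.16.3.7", "172.16.4.7"):
        print(ip, wildcard_match(ip, "172.16.1.0", "0.0.254.255"))
```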
35 Standard IP Access List Examples Standard IP access lists permit or deny packets based only on the source address. These addresses can be a single host address, a subnet address, or a full network address.
36 Using the sample network in Fig. 10-8, you can create a standard IP access list that blocks host from accessing subnet
37 Fig shows the commands you would enter on RouterB to accomplish this task.
38 Standard IP ACL Examples (cont.) Correct placement of a list is imperative. If the list were placed on RouterB's S1 interface as an inbound list, it would work with the sample network.
access-list 1 deny
access-list 1 permit any
int s1
ip access-group 1 in
39 Standard IP ACL Examples (cont.) However, if RouterB had another Ethernet interface, as shown in Fig , placing the access list on S1 would inadvertently block traffic to the 2nd Ethernet interface, E1.
40 Standard IP ACL Examples (cont.) You should apply the standard IP access list as close to the destination as possible. Otherwise, you will inadvertently block access to portions of your network.
41 Standard IP ACL Examples (cont.) To view the access lists defined on your routers, use the show access-lists command and the show ip access-lists command.
42 Standard IP ACL Examples (cont.) To view which interfaces have IP access lists set, use the show ip interface command.
43 Standard IP ACL Examples (cont.) You can remove the access list with the no ip access-group [list #] command.
44 Standard IP ACL Examples (cont.) Now assume that instead of blocking a single host from subnet , you want to block all traffic from this subnet to subnet
45 Standard IP ACL Examples (cont.) Finally, assume that you want to block access to the subnet from all hosts on subnets and
46 Monitoring Standard IP Access Lists Three main commands are available for monitoring access lists on your router:
show access-lists
show ip access-lists
show ip interface
47 Sam is not allowed access to Bugs or Daffy. Hosts on the Seville Ethernet are not allowed access to hosts on the Yosemite Ethernet. All other combined are
51 IP Extended Access Lists 100~199
54 ( ) access-list 105 permit IP interface e ip access-group 105
55 IP Extended Access Lists ( ) TCP/UDP port name and port number: FTP 21, Telnet 23, SMTP 25, HTTP 80, POP3 110, NNTP 119, PPTP 1723, L2TP 1701, TFTP 69, BOOTPS 67, BOOTPC 68
56 IP Extended Access Lists ( ) %systemroot%\system32\drivers\etc\services
57 IP Extended Access Lists ( )
58 Extended IP ACL Examples Using Fig as an example, this section discusses how to block host from accessing Web services on server
59 Extended IP ACL Examples (cont.)
60 Standard and Extended IP Access Lists: Matching
61 Extended access-lists Commands
62 Extended access-lists Commands
63 ACL Implement. Considerations Create your ACLs using a text editor outside the router, and copy and paste configuration into the router.
64 ACL Implement. Consider. (cont.) Place Standard ACLs as close to the packet's destination as possible.
65 ACL Implement. Consider. (cont.) Place Extended ACLs as close to the source of the packet as possible to discard the packets quickly.
66 IP Access Lists
67 IP Access Lists access-lists access-group
conf ter
(conf) access-list 10 deny
(conf) access-list 10 permit any
(conf) int fa0/
(conf) ip access-group 10 out
68 IP Access Lists ( )
conf ter
(conf) access-list 11 deny
(conf) access-list 11 permit any
(conf) int fa0/
(conf) ip access-group 11 out
69 IP Access Lists ( ) show interface fa0/0
70 IP Access Lists ( ) access-lists access-group Telnet
conf ter
(conf) access-list 111 deny tcp any eq telnet
71 IP Access Lists ( ) access-lists access-group ( )
(conf) access-list 111 permit ip any any
(conf) int fa0/0
(conf) ip access-group 111 out
72 IP Access Lists ( ) access-lists show ip access-list
73 IP Access Lists ( ) Bob is denied access to all FTP servers on R1's Ethernet. Larry is denied access to Server1's Web server. All other combined are allowed.
74 IP Access Lists ( ) ( )
75 IP Access Lists ( ) R1's Extended Access List
int s0
ip addr
ip access-group 101 in
int s1
ip addr
ip access-group 101 in
76 IP Access Lists ( ) ( )
access-list 101 deny tcp host eq ftp
access-list 101 deny tcp host host eq http
access-list 101 permit ip any any
77 IP Access Lists ( ) Bob is denied access to all FTP servers on R1's Ethernet -> R3. Larry is denied access to Server1's Web server -> R2.
78 IP Access Lists ( ) R3's Extended Access List Stopping Bob from Reaching FTP Servers
int e0
ip addr
ip access-group 101 in
access-list 101 deny tcp host eq ftp
access-list 101 permit ip any any
79 IP Access Lists ( ) R2's Extended Access List Stopping Larry from Accessing Web Servers
int e0
ip addr
ip access-group 101 in
access-list 101 deny tcp host eq http
access-list 101 permit ip any any
80 IP Access Lists ( ) ICMP
access-list 101 deny icmp host host echo-reply
access-list 101 permit ip any any
81 IP Access Lists ( ) ICMP (conf) int e0 (conf) ip access-group 101 in
82 IP Access Lists ( ) Server ping echo
access-list 101 deny icmp host echo-reply
access-list 101 permit ip any any
83 If you want to remove a list from an interface, you can use the no ip access-group [list #] [in | out] command. (see Fig )
84 IP Access Lists ( ) Controlling VTY line Access Telnet
conf ter
(conf) access-list 12 permit
or
(conf) access-list 12 permit host
85 IP Access Lists ( ) Telnet ( ) (conf) line vty 0 4 (conf-line) access-class 12 in
86 IP Access Lists ( ) Telnet (conf) access-list 13 permit (conf) line vty (conf-line) access-class 13 in
87 IP Access Lists
88 IP Access Lists Which one of the following is a range of standard IP access list? A. 0~99 B. 1~99 C. 100~199 D. 200~299 E. None of the above Ans: B
89 IP Access Lists ( ) Which one of the following commands assigns a number and condition for the list? A. access-list B. access-group C. access-number D. list-number E. None of the above Ans: A
90 Which one of the following commands will you use to display access lists set in IP interface? A. show int ip B. show ip access-list C. show ip list D. show ip int E. None of the above Ans: D
91 Which one of the following commands will you use to display all access-lists on Serial 0? A. show all access-list B. show access-list ser0 C. show ip ser 0 access-list D. show ip int ser0 E. None of the above Ans: D
92 IP Access Lists ( ) Which one of the following commands will you use to permit all SNMP? A. access-list 123 permit tcp any any eq SNMP B. access-list 123 permit SNMP C. access-list 123 deny all D. access-list 123 deny SNMP all Ans: A
93 IP Access Lists ( ) What does any mean in access-list command? A B C D E Ans: A
94 IP Access Lists Which one of the following wildcard masks will you use to match the range ~ ? A B C D E Ans: C
95 IP Access Lists Which of the following wildcard masks is most useful for matching all IP packets in subnet , mask ? A B C D
96 IP Access Lists Which of the following wildcard masks is most useful for matching all IP packets in subnet , mask ? A B C D