Jeremy’s IT Lab - CCNA Course: Standard ACLs

Jun 26, 2024

Lecture Notes: Jeremy’s IT Lab - CCNA Course - Standard ACLs

Introduction

  • Free, complete course for the CCNA.
  • Today's topic: Standard ACLs (Access Control Lists).
  • ACLs fall under section 5, security fundamentals (topic 5.6) in the exam.
  • Focus on IPv4 ACLs for CCNA; IPv6 ACLs may be covered later.

Overview of The Video Content

  1. What are ACLs?
  2. ACL Logic and Processing
  3. Types of ACLs on Cisco Routers
  4. Configuration of Standard Numbered and Named ACLs
  5. Quiz with Boson ExSim for CCNA.

ACL Basics

  • ACLs control access to the network (mainly for security).
  • Function as packet filters, instructing the router to permit or discard specific traffic.
  • Filter traffic based on:
    • Source and destination IP addresses
    • Source and destination Layer 4 port numbers
  • ACLs consist of a list of Access Control Entries (ACEs).
  • Configured globally and then applied to interfaces (inbound or outbound).

Example Network Setup

  • Two routers (R1 and R2) with a point-to-point connection.
  • Networks connected:
    • R1: 192.168.1.0/24, 192.168.2.0/24
    • R2: 10.0.1.0/24, 10.0.2.0/24

Building and Applying ACLs

  • Example rule: Allow 192.168.1.0/24 to access 10.0.1.0/24 but deny 192.168.2.0/24.
  • Steps to create an ACL:
    1. Define ACL with ordered ACEs.
    2. Apply ACL to an interface (inbound or outbound).
  • Apply a standard ACL as close to the destination as possible (rule-of-thumb): because it matches only on source address, placing it near the source would also block that source's traffic to destinations the policy never mentioned.
  • Example configurations:
    • Outbound on R2's G0/1 interface to meet the given requirements.

Key Points of ACL Operations

  • Order of entries is important.
  • Implicit deny at the end of all ACLs.
  • Can apply one ACL per direction on an interface (one inbound and one outbound).

Types of ACLs

  • Standard ACLs: Match based on source IP address.
    • Numbered Standard ACLs: Numbers 1-99, 1300-1999.
    • Named Standard ACLs: Identified by a name.
  • Extended ACLs: Match on source/destination IP, port numbers, etc.
    • Numbered Extended ACLs
    • Named Extended ACLs

Configuration

Standard Numbered ACLs

  • Command: access-list <number> <permit|deny> <ip> <wildcard-mask> (wildcard mask is the inverse of a subnet mask: 0 bits must match, 1 bits are ignored; omitting it matches the single host).
  • Example: access-list 1 deny 1.1.1.1 (denies host 1.1.1.1; equivalent to access-list 1 deny host 1.1.1.1)
  • Permitting all other traffic: access-list 1 permit any (needed because of the implicit deny at the end).
  • Apply to interface (in interface configuration mode): ip access-group <number> <in|out>
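To check the logic from "Key Points of ACL Operations" against the command syntax above, here is an added example (not from the course or Cisco) that parses IOS-style standard numbered ACL lines and evaluates packets top-down with first match and implicit deny. It also models where the ACL is applied, using the page's topology; the R2 G0/1 placement is from the page, while NEAR_SOURCE is an assumed inbound placement on R1's 192.168.2.0/24 LAN port.

```python
import ipaddress

def ip_to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def parse_ace(line):
    """Parse one 'access-list <n> permit|deny <src> [wildcard]' line."""
    parts = line.split()
    action, src = parts[2], parts[3]
    if src == "any":                      # any = 0.0.0.0 255.255.255.255
        addr, wild = 0, 0xFFFFFFFF
    elif src == "host":                   # host x.x.x.x = x.x.x.x 0.0.0.0
        addr, wild = ip_to_int(parts[4]), 0
    else:
        addr = ip_to_int(src)
        # An omitted wildcard mask defaults to 0.0.0.0 (a single host).
        wild = ip_to_int(parts[4]) if len(parts) > 4 else 0
    return {"action": action, "addr": addr, "wild": wild}

def matches(ace, src_ip):
    # Wildcard bits set to 1 are ignored; only the 0 bits must be equal.
    keep = ~ace["wild"]
    return (ip_to_int(src_ip) & keep) == (ace["addr"] & keep)

def evaluate(aces, src_ip):
    """Top-down, first match wins; no match hits the implicit deny."""
    for ace in aces:
        if matches(ace, src_ip):
            return ace["action"]
    return "deny"

def forwarded(aces, networks_beyond, src_ip, dst_ip):
    """Apply the ACL on an interface that carries traffic toward
    networks_beyond; packets that never cross it are untouched."""
    dst = ipaddress.IPv4Address(dst_ip)
    if any(dst in net for net in networks_beyond):
        return evaluate(aces, src_ip) == "permit"
    return True

# Constructed ACL for the page's requirement; 'permit any' must come last.
ACL_1 = [parse_ace(line) for line in ("access-list 1 deny 192.168.2.0 0.0.0.255",
                                      "access-list 1 permit any")]
# Placement models: R2 G0/1 outbound faces only 10.0.1.0/24 (as on the page);
# NEAR_SOURCE is an assumed inbound placement on R1's 192.168.2.0/24 LAN port,
# which every packet from that LAN crosses whatever its destination.
R2_G01_OUT = [ipaddress.ip_network("10.0.1.0/24")]
NEAR_SOURCE = [ipaddress.ip_network("0.0.0.0/0")]
```

Reversing the two ACEs shows why order matters: with `permit any` first, 192.168.2.0/24 is never denied.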

Standard Named ACLs

  • Command: ip access-list standard <name>
  • Enter ACL config mode to define entries with sequence numbers.
  • Example: ip access-list standard BLOCK_BOB then define entries.
  • Applying named ACLs: Same as numbered, but use the name instead.

Show Commands

  • show access-lists: Displays all ACLs.
  • show ip access-lists: Displays only IP ACLs.
  • show running-config | include access-list: Shows lines with access-list from running config.

Example Configurations

  • Example setup for R1 and R2 to meet specific access requirements using both numbered and named ACLs.

Key Reminders

  • Understanding and configuring both numbered and named standard ACLs.
  • Applying ACLs correctly ensures network access control matches policy.

Quiz Overview

  • Practice questions to test ACL knowledge.

Conclusion

  • Summary of ACLs, their logic, and the types/configuration.
  • Importance of understanding ACL rules and implications in network security.