
Cisco CCNA Exam Tutorial: Configuring Standard Access Lists

By: Chris Bryant, CCIE #12933


Access Control Lists (ACLs) allow a router to permit or deny packets based on a variety of criteria. The ACL is configured in global mode, but is applied at the interface level. An ACL does not take effect until it is expressly applied to an interface with the ip access-group command. Packets can be filtered as they enter or exit an interface.



If a packet enters or exits an interface with an ACL applied, the packet is compared against the criteria of the ACL. If the packet matches the first line of the ACL, the appropriate “permit” or “deny” action is taken. If there is no match, the second line’s criterion is examined. Again, if there is a match, the appropriate action is taken; if there is no match, the third line of the ACL is compared to the packet.



This process continues until a match is found, at which time the ACL stops running. If no match is found, a default “deny” takes place, and the packet will not be processed. When an ACL is configured, if a packet is not expressly permitted, it will be subject to the implicit deny at the end of every ACL. This is the default behavior of an ACL and cannot be changed.



A standard ACL is concerned with only one factor, the source IP address of the packet. The destination is not considered. Extended ACLs consider both the source and destination of the packet, and can consider the port number as well. The numerical range used for each is different: standard ACLs use the ranges 1-99 and 1300-1399; extended lists use 100-199 and 2000-2699.



There are several points worth repeating before beginning to configure standard ACLs.



Standard ACLs consider only the source IP address for matches.



The ACL lines are run from top to bottom. If there is no match on the first line, the second is run; if no match on the second, the third is run, and so on until there is a match, or the end of the ACL is reached. This top-to-bottom process places special importance on the order of the lines.



There is an implicit deny at the end of every ACL. If packets are not expressly permitted, they are implicitly denied.



If Router 3’s Ethernet interface should only accept packets with a source network of 172.12.12.0, the ACL will be configured like this:



R3#conf t
R3(config)#access-list 5 permit 172.12.12.0 0.0.0.255



The ACL consists of only one explicit line, one that permits packets with a source address in 172.12.12.0/24. The implicit deny, which is not configured or seen in the running configuration, will deny all packets not matching the first line.



The ACL is then applied to the Ethernet0 interface:



R3#conf t
R3(config)#interface e0
R3(config-if)#ip access-group 5 in
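
The top-to-bottom, first-match evaluation and the implicit deny described above can be checked offline before an ACL is applied to an interface. The following is an added example, not part of the original article or of any Cisco tool: it parses standard ACL lines, evaluates a source address against them, and reports lines that can never match because an earlier line already covers them. ACL 5 is the article's list; ACLs 10 and 11, the sample addresses and all function names are constructed for illustration, and only dotted-decimal sources with an optional wildcard mask are handled (no "any" or "host" keywords).

```python
import ipaddress

# Constructed sample: ACL 5 is the article's list; 10 and 11 are made-up
# lists holding the same two lines in opposite order.
CONFIG = """\
access-list 5 permit 172.12.12.0 0.0.0.255
access-list 10 permit 172.12.12.0 0.0.0.255
access-list 10 deny 172.12.12.50
access-list 11 deny 172.12.12.50
access-list 11 permit 172.12.12.0 0.0.0.255
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acls(config):
    """Return {acl_number: [(action, address, wildcard), ...]} in configured order."""
    acls = {}
    for line in config.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue
        number, action, src = int(parts[1]), parts[2], parts[3]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action in: {line!r}")
        # A source with no wildcard mask is a single host (wildcard 0.0.0.0).
        wildcard = to_int(parts[4]) if len(parts) > 4 else 0
        acls.setdefault(number, []).append((action, to_int(src), wildcard))
    return acls

def evaluate(entries, source_ip):
    """First match wins; return (action, 1-based line), or ('deny', None) for the implicit deny."""
    ip = to_int(source_ip)
    for line_no, (action, address, wildcard) in enumerate(entries, start=1):
        care = ~wildcard & 0xFFFFFFFF  # bits set to 0 in the wildcard must match
        if ip & care == address & care:
            return action, line_no
    return "deny", None

def shadowed(entries):
    """Return (line, earlier_line) pairs where the earlier line matches everything the later one does."""
    found = []
    for j, (_, addr_j, wild_j) in enumerate(entries):
        for i, (_, addr_i, wild_i) in enumerate(entries[:j]):
            care_i = ~wild_i & 0xFFFFFFFF
            if wild_j & care_i == 0 and (addr_i ^ addr_j) & care_i == 0:
                found.append((j + 1, i + 1))
                break
    return found

ACLS = parse_standard_acls(CONFIG)
```

In ACL 10 the host deny sits below the network permit, so 172.12.12.50 is permitted by line 1 and the deny is never reached; ACL 11 has the same two lines in the opposite order and denies that host while permitting the rest of the network.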



But before you write any ACLs, it's a really good idea to see what other ACLs are already running on the router! To see the ACLs running on the router, use the command show access-list.



R1#show access-list
Standard IP access list 1
    permit 0.0.0.0
Standard IP access list 5
    permit 172.1.1.1
Standard IP access list 7
    permit 23.3.3.3
Extended IP access list 100
    permit tcp any any lt www (26 matches)
    permit tcp any any neq telnet (12 matches)
    deny ip any any
Extended IP access list 105
    deny tcp any any eq www
    deny tcp any any eq telnet



You're going to use ACLs all the way up the Cisco certification ladder, and throughout your career. The importance of knowing how to write and apply ACLs is paramount, and it all starts with mastering the fundamentals!




Article Source: http://www.articles2k.com

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.











© 2006 articles2k.com - Privacy Policy