Cisco CCNA Certification Exam Tutorial: Access List Specifics You Must Know!


To pass the CCNA exam, you have to be able to write and troubleshoot access lists. As you climb the ladder toward the CCNP and CCIE, you'll see more and more uses for ACLs, so you had better know the basics!

The use of "host" and "any" confuses some newcomers to ACLs, so let's take a look at that first.

It is acceptable to configure a wildcard mask of all ones or all zeroes. A wildcard mask of 0.0.0.0 means the address specified in the ACL line must be matched exactly; a wildcard mask of 255.255.255.255 means that every address will match the line.

Wildcard masks also give you the option of using the keyword host to represent a wildcard mask of 0.0.0.0. Consider a configuration where only packets from source IP 10.1.1.1 should be permitted and all other packets denied. Each of the following ACLs does that.

R3#conf t
R3(config)#access-list 6 permit 10.1.1.1 0.0.0.0
R3(config)#access-list 7 permit host 10.1.1.1

The keyword any can be used to represent a source of 0.0.0.0 with a wildcard mask of 255.255.255.255, so the line below matches every source address.

R3(config)#access-list 15 permit any

Another frequently overlooked detail is the order of the lines in an ACL. Even in a two- or three-line ACL, the order of the lines is vital, because the router evaluates the lines top down and stops at the first match.

Consider a situation where packets sourced from 172.18.18.0/24 should be denied, but all others permitted. The following ACL does that.

R3#conf t
R3(config)#access-list 15 deny 172.18.18.0 0.0.0.255

R3(config)#access-list 15 permit any

The preceding example also illustrates the importance of configuring the ACL with the lines in the right order to get the desired results. What would be the result if the lines were reversed?

R3#conf t
R3(config)#access-list 15 permit any

R3(config)#access-list 15 deny 172.18.18.0 0.0.0.255

If the lines were reversed, traffic from 172.18.18.0/24 would be matched against the first line of the ACL. The first line is "permit any", meaning all traffic is permitted. The traffic from 172.18.18.0/24 matches that line, the traffic is permitted, and the ACL stops processing. The statement denying the traffic from 172.18.18.0/24 is never evaluated.
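To make the first-match behaviour concrete, here is an added example (not part of the original tutorial) that evaluates Cisco-style standard ACL lines in software: it expands host and any to their wildcard equivalents, applies wildcard-mask matching, stops at the first matching line and falls through to the implicit deny. The ACL lines and sample source addresses are constructed for the demonstration.

```python
# Added example (not from the original tutorial): a small evaluator for Cisco-style
# standard ACLs that applies wildcard-mask matching, first-match-wins processing and
# the implicit "deny any" at the end of every ACL. Each entry is parsed into an
# (action, address, wildcard) triple; "host" and "any" are expanded to wildcards.
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Parse one 'access-list N permit|deny ...' line into (action, addr_int, wild_int)."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    action, rest = tok[2], tok[3:]
    if rest[0] == "any":                       # any == 0.0.0.0 255.255.255.255
        addr, wild = "0.0.0.0", "255.255.255.255"
    elif rest[0] == "host":                    # host X == X 0.0.0.0
        addr, wild = rest[1], "0.0.0.0"
    else:
        addr = rest[0]
        wild = rest[1] if len(rest) > 1 else "0.0.0.0"   # IOS default when omitted
    return action, _to_int(addr), _to_int(wild)

def matches(src, addr_int, wild_int):
    """Wildcard match: bits set to 1 in the wildcard mask are 'don't care' bits."""
    return (_to_int(src) & ~wild_int & 0xFFFFFFFF) == (addr_int & ~wild_int & 0xFFFFFFFF)

def evaluate(acl_lines, src):
    """Return 'permit' or 'deny' for a packet from src, walking the entries in order."""
    for line in acl_lines:
        action, addr_int, wild_int = parse_entry(line)
        if matches(src, addr_int, wild_int):
            return action                      # first match wins; processing stops here
    return "deny"                              # implicit deny at the end of every ACL

# Constructed sample: the two orderings of ACL 15 discussed in the text.
CORRECT_ORDER = [
    "access-list 15 deny 172.18.18.0 0.0.0.255",
    "access-list 15 permit any",
]
REVERSED_ORDER = list(reversed(CORRECT_ORDER))

if __name__ == "__main__":
    for src in ("172.18.18.7", "10.1.1.1"):
        print(src, evaluate(CORRECT_ORDER, src), evaluate(REVERSED_ORDER, src))
```

Running it shows 172.18.18.7 denied by the correct ordering but permitted by the reversed one, exactly the failure described above.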

The key to writing and troubleshooting access lists is to take just an extra moment to read the ACL over and make sure it really is going to do what you intend it to do. It's far better to catch your mistake on paper than after the ACL has been applied to an interface!
