Cisco CCNA Certification Exam Tutorial: Access List Particulars You Must Know!

Материал из НГПУ им. К.Минина
Перейти к: навигация, поиск

To pass the CCNA exam, you have to be in a position to write and troubleshoot access lists. As you climb the ladder toward the CCNP and CCIE, you are going to see a lot more ssl certificate comparison and much more uses for ACLs. For that reason, you had much better know the fundamentals!

The use of "host" and "any" confuses some newcomers to ACLs, so let's take a appear at that first.

It is acceptable to configure entrust ssl certificate a wildcard mask of all ones or all zeroes. A wildcard mask of ... signifies the address specified in the ACL line ought to be matched specifically a wildcard mask of 255.255.255.255 implies that all addresses will match the line.

Wildcard masks have the solution of employing the word host to represent a wildcard mask of .... Contemplate a configuration where only packets from IP source 10.1.1.1 must be permitted and all other packets denied. The following ACLs both do that.

R3#conf t

R3(config)#access-list 6 permit 10.1.1.1 ...

R3(config)#conf t

R3(config)#access-list 7 permit host 10.1.1.1

The keyword any can be employed to represent a wildcard mask of 255.255.255.255.

R3(config)#access-list 15 permit any

Yet another usually overlooked detail is the order of the lines in an ACL. Even in a two- or 3-line ACL, the order of the lines in an ACL is essential.

Contemplate a circumstance where packets sourced from 172.18.18. /24 will be denied, but all other people will be permitted. The following ACL would do that.

R3#conf t

R3(config)#access-list 15 deny 172.18.18. ...255

R3(config)#access-list 15 permit any

The earlier instance also illustrates the importance of configuring the ACL with the lines in the right order to get the desired final results. What would be the result if the lines were reversed?

R3#conf t

R3(config)#access-list 15 permit any

R3(config)#access-list 15 deny 172.18.18. ...255

If the lines were reversed, site visitors from 172.18.18. /24 would be matched security certificate against the 1st line of the ACL. The first line is permit any", meaning all targeted traffic is permitted. The site visitors from 172.18.18./24 matches that line, the targeted traffic is permitted, and the ACL stops operating. The statement denying the visitors from 172.18.18. is in no way run.

The key to writing and troubleshoot access lists is to take just an further moment to read it more than and make certain it really is going to do what you intend it to do. It is much better to understand your mistake on paper instead of as soon as the ACL's been applied to an interface!

Источник — «https://www.wiki.mininuniver.ru/index.php?title=Cisco_CCNA_Certification_Exam_Tutorial:_Access_List_Particulars_You_Must_Know!&oldid=88926»