Cisco CCNA Certification Exam Tutorial: Access List Particulars You Must Know! — difference between revisions

From NGPU named after K. Minin
(New: To pass the CCNA exam, you have to be in a position to write and troubleshoot access lists. As you climb the ladder toward the CCNP and CCIE, you'll see more and more makes use of for AC...)
 
 
Line 1: Line 1:
To pass the CCNA exam, you have to be in a position to write and troubleshoot access lists. As you climb the ladder toward the CCNP and CCIE, you'll see more and more makes use of for ACLs. Therefore, you had greater know the basics!<br><br>The use of "host" and "any" confuses some newcomers to ACLs, so let's take a look at that first.<br><br>It is acceptable to configure a wildcard mask of all ones or all zeroes. A wildcard mask of ... implies the address specified in the ACL line must be matched specifically a wildcard mask of 255.255.255.255 indicates that all addresses will match the line.<br><br>Wildcard masks have the solution [http://www.entrust.net/ web security solutions] of employing the word host to represent a wildcard mask of .... Consider a configuration where only packets from IP supply 10.1.1.1 must be allowed and all other packets denied. The following ACLs each do that.<br><br>R3#conf t<br><br>R3(config)#access-list 6 permit 10.1.1.1 ...<br><br>R3(config)#conf t<br><br>R3(config)#access-list 7 permit host 10.1.1.1<br><br>The keyword any can be used to represent a wildcard mask of 255.255.255.255.<br><br>R3(config)#access-list 15 permit any<br><br>One more usually overlooked detail is the order of the lines in an ACL. Even in a two- or 3-line ACL, the order of the lines in an ACL is vital.<br><br>Consider a situation where packets sourced from 172.18.18. /24 will be denied, but all others will be permitted. The following ACL would do that.<br><br>R3#conf t<br><br>R3(config)#access-list 15 deny 172.18.18. ...255<br><br>R3(config)#access-list 15 permit any<br><br>The preceding example also illustrates the value of configuring the ACL with the lines in the correct order to get the desired benefits. What would be the outcome if the lines had been reversed?<br><br>R3#conf t<br><br>R3(config)#access-list 15 permit any<br><br>R3(config)#access-list 15 deny 172.18.18. ...255<br><br>If the lines had been reversed, visitors from 172.18.18. 
/24 would [http://www.entrust.net/ssl-cert-comparisons.htm ssl management] be matched against the first line of the ACL. The very first line is permit any", meaning all visitors is permitted. The targeted traffic from 172.18.18./24 matches that line, the visitors is permitted, and the ACL stops running. The statement denying the traffic from [http://www.entrust.net/ssl-cert-comparisons.htm ssl certificate comparison] 172.18.18. is never run.<br><br>The crucial to writing and troubleshoot access lists is to take just an extra moment to read it more than and make confident it is going to do what you intend it to do. It really is greater to understand your mistake on paper instead of when the ACL's been applied to an interface!
+
To pass the CCNA exam, you have to be in a position to write and troubleshoot access lists. As you climb the ladder toward the CCNP and CCIE, you are going to see a lot more [http://www.entrust.net/ssl-cert-comparisons.htm ssl certificate comparison] and much more uses for ACLs. For that reason, you had much better know the fundamentals!<br><br>The use of "host" and "any" confuses some newcomers to ACLs, so let's take a appear at that first.<br><br>It is acceptable to configure [http://www.entrust.net/ssl-cert-comparisons.htm entrust ssl certificate] a wildcard mask of all ones or all zeroes. A wildcard mask of ... signifies the address specified in the ACL line ought to be matched specifically a wildcard mask of 255.255.255.255 implies that all addresses will match the line.<br><br>Wildcard masks have the solution of employing the word host to represent a wildcard mask of .... Contemplate a configuration where only packets from IP source 10.1.1.1 must be permitted and all other packets denied. The following ACLs both do that.<br><br>R3#conf t<br><br>R3(config)#access-list 6 permit 10.1.1.1 ...<br><br>R3(config)#conf t<br><br>R3(config)#access-list 7 permit host 10.1.1.1<br><br>The keyword any can be employed to represent a wildcard mask of 255.255.255.255.<br><br>R3(config)#access-list 15 permit any<br><br>Yet another usually overlooked detail is the order of the lines in an ACL. Even in a two- or 3-line ACL, the order of the lines in an ACL is essential.<br><br>Contemplate a circumstance where packets sourced from 172.18.18. /24 will be denied, but all other people will be permitted. The following ACL would do that.<br><br>R3#conf t<br><br>R3(config)#access-list 15 deny 172.18.18. ...255<br><br>R3(config)#access-list 15 permit any<br><br>The earlier instance also illustrates the importance of configuring the ACL with the lines in the right order to get the desired final results. 
What would be the result if the lines were reversed?<br><br>R3#conf t<br><br>R3(config)#access-list 15 permit any<br><br>R3(config)#access-list 15 deny 172.18.18. ...255<br><br>If the lines were reversed, site visitors from 172.18.18. /24 would be matched [http://www.entrust.net/ security certificate] against the 1st line of the ACL. The first line is permit any", meaning all targeted traffic is permitted. The site visitors from 172.18.18./24 matches that line, the targeted traffic is permitted, and the ACL stops operating. The statement denying the visitors from 172.18.18. is in no way run.<br><br>The key to writing and troubleshoot access lists is to take just an further moment to read it more than and make certain it really is going to do what you intend it to do. It is much better to understand your mistake on paper instead of as soon as the ACL's been applied to an interface!
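
Review bot: both sides of this revision embed external links to www.entrust.net in the middle of sentences about ACLs (for example "[http://www.entrust.net/ssl-cert-comparisons.htm ssl certificate comparison]" inside "you are going to see a lot more ... and much more uses for ACLs"), and the new side only moves them to different sentences; they have nothing to do with the text and should be removed rather than relocated. The wildcard mask also appears only as "..." on both sides and the network as "172.18.18. ", so commands such as "access-list 6 permit 10.1.1.1 ..." are not valid as written and the mask and network values need restoring.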

Current revision as of 06:04, 29 June 2012

To pass the CCNA exam, you have to be able to write and troubleshoot access lists. As you climb the ladder toward the CCNP and CCIE, you'll see more and more uses for ACLs, so you had better know the fundamentals!

The use of "host" and "any" confuses some newcomers to ACLs, so let's take a look at that first.

It is acceptable to configure a wildcard mask of all ones or all zeroes. A wildcard mask of 0.0.0.0 means the address specified in the ACL line must be matched exactly; a wildcard mask of 255.255.255.255 means that all addresses will match the line.

Wildcard masks offer the option of using the word host to represent a wildcard mask of 0.0.0.0. Consider a configuration where only packets from IP source 10.1.1.1 should be permitted and all other packets denied. The following ACLs both do that; each relies on the implicit deny at the end of every ACL to drop everything that is not matched.

R3#conf t

R3(config)#access-list 6 permit 10.1.1.1 0.0.0.0

R3(config)#conf t

R3(config)#access-list 7 permit host 10.1.1.1

The keyword any can be used to represent a wildcard mask of 255.255.255.255.

R3(config)#access-list 15 permit any

Another often overlooked detail is the order of the lines in an ACL. Even in a two- or three-line ACL, the order of the lines is essential.

Consider a situation where packets sourced from 172.18.18.0 /24 will be denied, but all others will be permitted. The following ACL would do that.

R3#conf t

R3(config)#access-list 15 deny 172.18.18.0 0.0.0.255

R3(config)#access-list 15 permit any

The preceding example also illustrates the importance of configuring the ACL with the lines in the right order to get the desired results. What would be the result if the lines were reversed?

R3#conf t

R3(config)#access-list 15 permit any

R3(config)#access-list 15 deny 172.18.18.0 0.0.0.255

If the lines were reversed, traffic from 172.18.18.0 /24 would be matched against the first line of the ACL. The first line is "permit any", meaning all traffic is permitted. The traffic from 172.18.18.0 /24 matches that line, the traffic is permitted, and the ACL stops running. The statement denying the traffic from 172.18.18.0 is never run.

The key to writing and troubleshooting access lists is to take just an extra moment to read the list over and make certain it is going to do what you intend it to do. It is much better to catch your mistake on paper than after the ACL has been applied to an interface!
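
The "read it over on paper" check can be done mechanically. The following is an added example, not part of the original tutorial: a small first-match evaluator for standard ACL lines that also reports lines an earlier line makes unreachable. The function names are hypothetical, the wildcard values are written out in full, and the implicit deny at the end of the list is modelled as a fall-through.

```python
import ipaddress

ALL = 0xFFFFFFFF

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_line(line):
    """'access-list N permit|deny SOURCE' -> (action, address, wildcard)."""
    _, _, action, *src = line.split()
    if src[0] == "any":                      # any == wildcard 255.255.255.255
        return action, 0, ALL
    if src[0] == "host":                     # host == wildcard 0.0.0.0
        return action, _ip(src[1]), 0
    return action, _ip(src[0]), (_ip(src[1]) if len(src) > 1 else 0)

def evaluate(acl, source_ip):
    """First matching line wins; returns (action, line_number)."""
    ip = _ip(source_ip)
    for number, line in enumerate(acl, 1):
        action, addr, wildcard = parse_line(line)
        care = ~wildcard & ALL               # bits where the wildcard is 0 must match
        if (ip & care) == (addr & care):
            return action, number            # the ACL stops running here
    return "deny", None                      # implicit deny, modelled as fall-through

def shadowed(acl):
    """Line numbers that can never match because an earlier line covers them."""
    entries = [parse_line(line) for line in acl]
    hits = []
    for j, (_, addr_j, wild_j) in enumerate(entries):
        for _, addr_i, wild_i in entries[:j]:
            care_i = ~wild_i & ALL
            # Earlier line covers this one if it cares only about bits this
            # line fixes, and the two agree on those bits.
            if (wild_j & care_i) == 0 and (addr_j & care_i) == (addr_i & care_i):
                hits.append(j + 1)
                break
    return hits

# The tutorial's two orderings of access-list 15 (constructed sample input).
CORRECT = ["access-list 15 deny 172.18.18.0 0.0.0.255",
           "access-list 15 permit any"]
REVERSED = list(reversed(CORRECT))

if __name__ == "__main__":
    for name, acl in (("correct", CORRECT), ("reversed", REVERSED)):
        print(name, evaluate(acl, "172.18.18.77"), "shadowed:", shadowed(acl))
```
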