Exam: Cisco 200-301 - Cisco Certified Network Associate (CCNA)
In this particular chapter we will explain how one can configure network security using ACLs (access control lists). This configuration is done using commands and tables that are often reffered to as access list. One pre requisite is that you must have installed advanced software image on your switch. Anyone can configure the network security using CMS (cluster management suite) or CLI (command line interface). You will get a step by step online guide on how to install CMS. There is an option to filter the inbound traffic. The filtering can be done using the TCP/UDP applications.
When you use packet filtering it will automatically limit the network traffic and will also reduce the network use by some users. ACL has the ability to easily filter the traffic that is passing through the switch. It can also allow or deny some packets from passing through. The ACL is designed in such a way that the permit and deny options come in a sequence. If there is some restriction the switch will automatically drop the packet else will allow the packet to move on.
The ACL is vital. If it is not configured then all the packets that are passing will be allowed in the network and the situation may go out of control. With the help of ACL it becomes much easy to control the traffic and ensure that crucial information do not go out. For example you can allow email traffic to move out but you cannot just allow the telnet traffic to move out can you? The ACLs can be very effectively used to block the inbound traffic.
It is the ACE (access control entry) that is present in every ACL that allows or denies the packet. Some of the ACL that the switch supports are:
The ACLs can be applied on any interface that allows inbound directions. The ACL will match the packets with the entries made in the ACL. If the packet matches the entries it will be allowed else it will be denied right away. The IP packets can also be fragmented as and when they cross the network. When the fragmentation happensthen the packets containsfour layer information and this information. It contains the UDP and TCP port numbers; it also contains the ICMP type code and other vital information. In some cases ACE’s will not even check the four layered information.
You must keep in mind that only one ACL can be attached to one interface. When you configure a ACL you must keep in mind that all the ACE in the in one ACL must have a similar user-defined mask. One can also apply any number of system defined masks. The catalyst 2950 switch is consistent with Cisco catalyst switch.
The catalyst 2950 switch do not support the following features:
Named and Numbered are the two types of ACL that is known. We will now be discussing each of them in details so that you get a better idea about them.
You can also identify an ACL with a name that is an alphanumeric in nature. This allows the network administrator to use names to identify the access list. This makes them easy to remember and also work on. You can also reorder the statement and add new words to the statement in the named list. You must keep in mind that all IP access list will not accept a named ACL. The standard ACL and extended ACL cannot have the same name. There is a possibility to remove lines from a named ACL this is exactly why it is more preferred to a numbered ACL.
The named ACL allows the user the following features:
Some commands accept only numbered access and some only named access.
The numbered are not very popular as they are not as user friendly as the new named ACLs. The time that is needed to edit a numbered ACL is huge. However, you must have a good idea of the numbered ACL as they are often used in the old deployments. One must know how to use these as you may come across these. Numbered ACLs can be used to make simple ACLs. Some network administrators use a combination of named and numbered ACL. Typically to configure a numbered ACL you need to copy the existing ACL into a notepad. Then you must remove or insert the lines that you want. After that you need to paste back these edited ACL in order to use them once again. This can be a time consuming task. When the reboot the computer the ACLs can renumber themselves this is a point that you must have in mind.
Logging enabled ACL allows the users to get an insight into the traffic. This can be CPU intensive and can also affect the function of the network device in a negative manner. The log input options directly apply to the ACE. This can also lead to the logging of the packets that affect the ACE. The first packet that is logged in via log input option will automatically generate a syslog message.
The log options at the very end of the extended ACL will enable the following behaviour:
When a packet matches the ACE then the ASA creates a flow entry that tracks the number of packets that were received in a given period of time.
We hope that this chapter on Configure and verify ACLs in a network environment will help you to understand the subject matter better.
Related IT Guides
How to Claim the Refund / Exchange?
In case of failure your money is fully secure by BrainDumps Guarantee Policy. Before claiming the guarantee all downloaded products must be deleted and all copies of BrainDumps Products must be destroyed.
Under What Conditions I can Claim the Guarantee?
Full Refund is valid for any BrainDumps Testing Engine Purchase where user fails the corresponding exam within 30 days from the date of purchase of Exam. Product Exchange is valid for customers who claim guarantee within 90 days from date of purchase. Customer can contact BrainDumps to claim this guarantee and get full refund at firstname.lastname@example.org. Exam failures that occur before the purchasing date are not qualified for claiming guarantee. The refund request should be submitted within 7 days after exam failure.
The money-back-guarantee is not applicable on following cases:
This is a ONE TIME OFFER. You will never see this Again
Enter Your Email Address to Receive Your 10% OFF Discount Code Plus... Our Exclusive Weekly Deals
Save 10%. Today on all IT exams. Instant Download
Use the following Discount Code during the checkout and get 10% discount on all your purchases: