Exam: Cisco 200-301 - Cisco Certified Network Associate (CCNA)
This chapter covers what you need to know about the topic “Configure and verify ACLs to limit Telnet and SSH access to the router” from the point of view of the CCNA exam. We hope that this will help you to prepare better for the exam. This topic is crucial from the exam point of view.
As already mentioned, an ACL (access control list) is basically a list of permissions that can be attached to an object. We will now discuss in detail how ACLs can be configured. An ACL is a set of rules that specifies the conditions a packet must fulfil in order to be accepted. The switch first needs to check whether an ACL applies to a packet. To do this, the packet is checked against all the conditions in the ACL. The switch accepts and processes the packets that fulfil the conditions. It denies the packets that do not match and drops them. ACLs can be used effectively to protect hosts and the network. An ACL can be applied to IP addresses, VLANs and MAC addresses.
The permit and deny commands are used to set the rules in an ACL. The source and the destination of the traffic must be specified in the rule. We will now discuss how an ACL can be applied to SSH (Secure Shell) and Telnet. SSH is a protocol that provides a secure remote access connection to a network device. In SSH, the communication with the client is encrypted. The WAAS device is the one that is used to limit SSH and Telnet. The WAAS device is kept on the customer’s premises and is managed by the service provider. The WAE contains the definition of the WAAS. ACLs that are defined in the router take precedence over ACLs that are defined in the WAE.
When you are in ACL configuration mode, you can use the list, move and delete commands. These commands display and delete specific entries and change the order of the entries, which lets you arrange the entries in the order in which they must be evaluated. To get back to global configuration mode, you must exit ACL configuration mode. To create an entry, use the “deny” and “permit” keywords, as mentioned above. This also holds when you apply the ACL to SSH and Telnet.
In the case of the WAAS (wide area application server) device, the ACL will often deny all the entries. This is exactly why at least one permit entry must be included in order to create a valid access list. Once the ACL is created on a WAAS device, the access list can be used in an access group with the access-group command. This also determines how the access list is applied. The access list can be applied to a specific command too. To create an extended ACL, enter the ip access-list extended command in global configuration mode. On the WAAS, a standard access list can be used too. This list provides access to the TFTP server or to the SNMP server.
The different types of ACL that can be used by the WAAS devices are as follows:
To use the interface ACL the following steps must be followed:
The commands used to limit SSH access are shown below. This ACL accepts web traffic but limits access over SSH.
WAE(config)# ip access-list extended testextacl
WAE(config-ext-nacl)# permit tcp any any eq www
WAE(config-ext-nacl)# permit tcp host 10.1.1.5 any eq ssh
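The following is an added example, not part of the original guide or of any Cisco tool: a small Python model of how the testextacl entries above are evaluated, with the first matching entry deciding and an implicit deny when nothing matches. The function names, the sample packets and the destination address 10.1.1.1 are constructed for illustration, and only the `any`, `host` and `eq` keywords are modelled.

```python
import ipaddress

# Named ports used by the entries on this page (standard well-known ports).
PORTS = {"www": 80, "ssh": 22, "telnet": 23}

# The two entries of "testextacl" as entered above.
TESTEXTACL = [
    "permit tcp any any eq www",
    "permit tcp host 10.1.1.5 any eq ssh",
]

def take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' and return it as an ip_network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError("only 'any' and 'host' are modelled: " + word)

def parse_entry(line):
    """Parse 'permit|deny <proto> <src> <dst> [eq <port>]' into a dict."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = take_addr(tokens), take_addr(tokens)
    port = None
    if tokens:
        if tokens.pop(0) != "eq":
            raise ValueError("only 'eq' is modelled")
        name = tokens.pop(0)
        port = PORTS[name] if name in PORTS else int(name)
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def evaluate(acl_lines, proto, src_ip, dst_ip, dst_port):
    """First matching entry wins; no match falls through to the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl_lines:
        e = parse_entry(line)
        if (e["proto"] in (proto, "ip") and src in e["src"] and dst in e["dst"]
                and e["port"] in (None, dst_port)):
            return e["action"]
    return "deny"

# Constructed sample packets: (protocol, source, destination, destination port)
SAMPLES = [("tcp", "192.0.2.10", "10.1.1.1", 80), ("tcp", "10.1.1.5", "10.1.1.1", 22),
           ("tcp", "192.0.2.10", "10.1.1.1", 22), ("tcp", "10.1.1.5", "10.1.1.1", 23)]
if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(TESTEXTACL, *pkt))
```

Web traffic from any source and SSH from 10.1.1.5 are permitted; SSH from any other host, and Telnet from every host, match no entry and are dropped by the implicit deny.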
Some points that must be kept in mind when the ACL is used in the WAAS devices are:
The topic “Configure and verify ACLs to limit Telnet and SSH access to the router” is a huge one, but these are the aspects of it that you must know well from the exam point of view. We hope that with these notes you will definitely be able to do much better in the exam.