Our team will keep working to study and research more knowledge for you. Thank you for your support!
Named ACL Configuration

Overview
Standard and extended ACLs are good at filtering traffic in a network, but they share one drawback: their statements are
hard to modify. In a standard or extended ACL, we cannot add or remove individual statements of the access list.
If we make a mistake by missing some statements and then want to add a new statement to an existing access list,
the new statement is listed below the previous statements. As mentioned in the previous lesson, ACL filtering works
from top to bottom, so if a specific statement lies below a general statement, traffic will never match the new
statement. The workaround with both ACL types is to delete the access list number. When you delete an access list
number, every statement under that access list is deleted too, so you need to create a new access list and write
your statements down again. If that access list has 100 statements, how would you do it?
The best solution is to use a named ACL. Medium and enterprise businesses use named access lists over 90% of the
time to secure their network infrastructure. A named ACL is more powerful than anything you have used so far: it lets
you modify any statement easily without deleting the access list. If you want to add or remove a statement, you can
use the command no 10 (remove) or 10 (add) under the named access list. Learn4CCNA recommends that you pay
attention to this section.
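The ordering problem and the sequence-number fix described above can be reproduced with a small model. This Python code is an added example, not part of the original lesson; the addresses, the sequence numbers and the function names evaluate and shadowed are constructed for illustration, and only source matching is modelled.

```python
# Added example: first-match ACL evaluation with sequence numbers.
# Addresses and sequence numbers below are constructed for illustration.
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    # Wildcard bit 0 = must match, wildcard bit 1 = may vary.
    return ((ip(addr) ^ ip(base)) & ~ip(wildcard) & 0xFFFFFFFF) == 0

def evaluate(acl, src):
    """acl maps sequence number -> (action, base, wildcard); lowest runs first."""
    for seq in sorted(acl):
        action, base, wildcard = acl[seq]
        if matches(src, base, wildcard):
            return action, seq            # first match wins, the rest is skipped
    return "deny", None                   # implicit deny when nothing matched

def shadowed(acl):
    """Sequence numbers that can never match because an earlier entry covers them."""
    order, dead = sorted(acl), []
    for i, seq in enumerate(order):
        _, base, wild = acl[seq]
        for prev in order[:i]:
            _, pbase, pwild = acl[prev]
            # Covered when the earlier entry pins no bit that this one leaves
            # free, and both agree on every bit the earlier entry pins.
            if (ip(wild) & ~ip(pwild) & 0xFFFFFFFF) == 0 and matches(base, pbase, pwild):
                dead.append(seq)
                break
    return dead

GENERAL = ("permit", "192.168.1.0", "0.0.0.255")   # whole subnet
SPECIFIC = ("deny", "192.168.1.20", "0.0.0.0")     # one host, forgotten at first

appended = {10: GENERAL, 20: SPECIFIC}   # new statement lands below the general one
inserted = {5: SPECIFIC, 10: GENERAL}    # named ACL: choose a lower sequence number

if __name__ == "__main__":
    print(evaluate(appended, "192.168.1.20"), shadowed(appended))
    print(evaluate(inserted, "192.168.1.20"), shadowed(inserted))
```

Running shadowed over a list before deploying it is a quick way to find statements that can never take effect.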
Topology
Click here to download topology of Named ACL configuration.pkt
Extended ACL Configuration

Overview
An extended ACL is a type of ACL used to filter traffic in a network infrastructure; it is implemented on routers,
firewalls, multilayer switches and other network devices that support ACLs. Extended ACLs are one of the technologies
used in network security practice. Home, small, medium and enterprise networks never go without ACLs, although
homes and small businesses that use SOHO products sometimes still do not know how to use them. In addition,
extended ACLs are used effectively and efficiently in NAT and VPN configuration. Extended ACLs use the number
ranges 100 to 199 and 2000 to 2699. An extended ACL can filter on source and destination IP address and port,
which makes it a powerful ACL. Learn4CCNA recommends that you do not miss this configuration.
Scenario
In this topology, assign IP addresses as noted in the topology. After the IP addresses are configured successfully,
configure a dynamic routing protocol (we suggest OSPF v2 for the routing in this scenario). First, verify
connectivity by pinging from one of the PCs to all other PCs and the server to make sure the routing you configured
is working properly. Second, configure this scenario through the following 2 tasks:
Task 1
- Configure IP addresses on all end devices and routers as noted in the topology (we suggest assigning IP
  x.x.x.10 to all PCs)
- Configure the HTTP, DNS and FTP server (use the domain name www.cisco.com for the DNS mapping)
- Configure a dynamic routing protocol (OSPF v2 recommended)
Note: After you have configured the HTTP, DNS and FTP server and routing successfully, access the web server from
the Guest PC by browsing to www.cisco.com. Access should succeed.
Task 2
- Create an extended ACL using number 100
- Create statements that comply with the following:
  - The Guest network should not reach the Server host with HTTP requests
  - The Guest network should reach all other services and networks except in the case above
- Decide which interface the ACL should be applied to and apply it
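The two requirements of Task 2 can be checked offline before touching the routers. The Python code below is an added example, not part of the original lab: it parses extended ACL statements written in IOS syntax and evaluates sample packets against them. The Guest network 192.168.10.0/24 and the server address 192.168.30.10 are assumptions, because the topology file is not reproduced on this page, and only numeric eq ports are handled.

```python
# Added example: evaluate extended ACL statements against sample packets.
# The Guest network and server address are assumed values, not the lab's.
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def take_addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' from the front of the token list."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip(tok.pop(0)), 0
    return ip(first), ip(tok.pop(0))

def parse(line):
    tok = line.split()[2:]                 # drop 'access-list 100'
    action, proto = tok.pop(0), tok.pop(0)
    src = take_addr(tok)
    dst = take_addr(tok)
    port = int(tok[1]) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def hit(addr, spec):
    base, wild = spec
    return ((ip(addr) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(lines, proto, src, dst, dport=None):
    """Return (action, statement number); statement 0 is the implicit deny."""
    for n, line in enumerate(lines, 1):
        action, p, s, d, port = parse(line)
        if p not in ("ip", proto):         # 'ip' matches every IP protocol
            continue
        if hit(src, s) and hit(dst, d) and port in (None, dport):
            return action, n
    return "deny", 0

ACL_100 = [
    "access-list 100 deny tcp 192.168.10.0 0.0.0.255 host 192.168.30.10 eq 80",
    "access-list 100 permit ip any any",
]
WITHOUT_PERMIT = ACL_100[:1]               # what happens if the last line is forgotten

if __name__ == "__main__":
    print(evaluate(ACL_100, "tcp", "192.168.10.10", "192.168.30.10", 80))
    print(evaluate(ACL_100, "tcp", "192.168.10.10", "192.168.30.10", 21))
    print(evaluate(WITHOUT_PERMIT, "udp", "192.168.10.10", "192.168.30.10", 53))
```

On the router the list does nothing until it is bound to an interface with ip access-group 100 in or out; choosing that interface and direction is the last item of Task 2.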
Topology
Click here to download topology of Extended ACL Configuration.pkt
Standard ACL Configuration

Overview
Standard access lists match packets by examining the source IP address field in the packet's IP header. Any bit
positions within the 32-bit source IP address may be compared to the access list statements. However, the matching is
flexible and does not consider the subnet mask in use.
Access lists use the inverse mask, typically referred to as the wildcard mask or I-mask. This mask is so named
because it inverts the meaning of the bits. In a normal mask, ones mean "must match," whereas zeroes mean
"may vary." For example, for two hosts to be on the same class C network, the first 24 bits of their
addresses must match, whereas the last eight may vary. Inverse masks swap the rules so that zeroes mean "must
match" and ones mean "may vary."
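The bit rule above, worked through in Python as an added example that is not part of the original lesson. It goes slightly beyond the class C case in the text by also using a non-contiguous wildcard, which selects hosts no subnet mask could describe; all addresses and function names are constructed for illustration.

```python
# Added example: how a wildcard (inverse) mask selects addresses.
# All addresses are constructed for illustration.
import ipaddress

def to_int(s):
    return int(ipaddress.IPv4Address(s))

def to_str(n):
    return str(ipaddress.IPv4Address(n))

def inverse_mask(subnet_mask):
    """Flip every bit of a normal mask: 255.255.255.0 becomes 0.0.0.255."""
    return to_str(to_int(subnet_mask) ^ 0xFFFFFFFF)

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard has a 0."""
    must_match = to_int(wildcard) ^ 0xFFFFFFFF
    return ((to_int(addr) ^ to_int(base)) & must_match) == 0

def matched_hosts(base, wildcard, limit=8):
    """List the first few addresses that a base/wildcard pair selects."""
    b, w = to_int(base), to_int(wildcard)
    free = [bit for bit in range(32) if (w >> bit) & 1]   # 'may vary' positions
    out = []
    for n in range(min(limit, 1 << len(free))):
        addr = b & ~w & 0xFFFFFFFF          # keep only the 'must match' bits
        for i, bit in enumerate(free):
            if (n >> i) & 1:
                addr |= 1 << bit            # spread n over the free positions
        out.append(to_str(addr))
    return out

if __name__ == "__main__":
    # Class C example from the text: first 24 bits must match.
    print(inverse_mask("255.255.255.0"))
    print(wildcard_match("192.168.1.77", "192.168.1.0", "0.0.0.255"))
    print(wildcard_match("192.168.2.77", "192.168.1.0", "0.0.0.255"))
    # Non-contiguous wildcard: only the lowest bit is pinned, so the entry
    # selects every even-numbered host in 192.168.1.0/24.
    print(matched_hosts("192.168.1.0", "0.0.0.254", limit=4))
```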
Standard ACLs specify only the source, implying traffic to all destinations, whereas with an extended ACL you can
specify traffic from one source to one destination. For example, a standard ACL lets you deny traffic for
192.168.1.20, which completely blocks that user from any form of traffic. Basically, that user no longer has a
networked system; s/he has a simple computer that cannot talk to anyone. An extended ACL lets you specify
communication between, e.g., Bill and Jill, without preventing Bill from talking to anyone else.
Another important difference is that a standard ACL denies or permits all traffic, whereas an extended ACL selectively
denies or permits some or all traffic depending on your preference. A standard ACL denial means that all kinds of
traffic are blocked: data, video, or music. On the other hand, an extended ACL can deny only video and music but
permit data. This is how a company gets its employees to work: no entertainment allowed.
Topology
Click here to download topology of Standard ACL Configuration.pkt