ACL (Access Control List)

- ACLs are used for network security.
- The conditions used to control traffic passing through a router are collectively called an ACL.
- The two conditions are:
1. Permit
2. Deny
- The two types are:
1. Standard (1-99)
2. Extended (100-199)
Standard ACL
- Range 1-99
- A standard ACL is configured on the destination router.
- The source IP is given for a standard ACL.
- The entire TCP/IP protocol stack is blocked when the Deny condition is applied (all traffic from that source, regardless of protocol).
Configuring Standard ACL
Router(config)#access-list 'no:' deny host 'source address'
Router(config)#access-list 'no:' permit any
Filter Design
 Filter is designed at the interface which is nearest to destination in
standard ACL
 ACL will only be accessible if filter is designed.
 Syntax:-
Router(config-if)# ip access group ‘access list no:’ ‘in or out ‘
Verifying ACLs
Router#show access-lists

To remove:
Router(config)#no access-list 'no:'
Router(config-if)#no ip access-group 'access list no:' 'in or out'
Extended ACL
- Range 100-199
- An extended ACL is configured on the source router.
- Both the source IP and the destination IP are given for an extended ACL.
- Each protocol (or any single protocol) can be blocked individually when the Deny condition is applied.
Configuring Extended ACL
Router(config)#access-list 'no:' deny 'service' host 'source address' host 'destination address'
Router(config)#access-list 'no:' permit 'service' host 'source address' 'destination network' 'wildcard mask'
For blocking a network: Router(config)#access-list 'no:' deny 'service' host 'source address' 'destination network' 'wildcard mask'
For blocking a TCP port: Router(config)#access-list 'no:' deny tcp host 'source address' 'destination network' 'wildcard mask' eq 'port no:'
Named ACL
- ACLs that are identified by a name rather than a number are called named ACLs.
- Syntax: For Standard
Router(config)#ip access-list standard 'access list name'
Router(config-std-nacl)#deny host 'address'
Router(config-std-nacl)#permit any
For Extended
Router(config)#ip access-list extended 'access list name'
Router(config-ext-nacl)#deny 'service' host 'address' host 'address'
Router(config-ext-nacl)#permit ip any any
Filter Design
Router(config-if)#ip access-group 'access list name' 'in or out'

- To verify:
Router#show ip access-lists
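The standard and extended ACL sections above describe three rules that are easy to get wrong in practice: entries are tried top-down and the first match wins, a standard deny covers every protocol from that source, and a packet matching no entry hits the implicit deny at the end of the list. The following is an added example, not part of the original notes, that models Cisco wildcard-mask matching and evaluates constructed sample lists against sample packets (addresses such as 10.0.0.5 and 200.0.0.0/24 are made up for illustration).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Match = Tuple[str, str]  # (address, wildcard mask), e.g. ("10.0.0.0", "0.255.255.255")
ANY: Match = ("0.0.0.0", "255.255.255.255")


def host(address: str) -> Match:
    """'host X' is shorthand for X with wildcard 0.0.0.0 (every bit must match)."""
    return (address, "0.0.0.0")


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit means 'don't care', a 0 bit must match."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(network)) & care)


@dataclass
class Entry:
    action: str                    # "permit" or "deny"
    src: Match                     # standard ACLs match on source only
    proto: str = "ip"              # "ip" matches every protocol (standard ACL behaviour)
    dst: Match = ANY               # extended ACLs add a destination...
    dport: Optional[int] = None    # ...and optionally "eq <port>"


def evaluate(acl: List[Entry], src: str, dst: str, proto: str, dport: Optional[int] = None) -> str:
    """First matching entry wins; a packet matching no entry hits the implicit 'deny any'."""
    for e in acl:
        if e.proto != "ip" and e.proto != proto:
            continue
        if not (wildcard_match(src, *e.src) and wildcard_match(dst, *e.dst)):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action
    return "deny"  # implicit deny at the end of every Cisco ACL


# Constructed sample lists (addresses are illustrative, not from a real network).
# Standard ACL 1: deny one host, then permit any. The deny covers every protocol.
STANDARD_1 = [Entry("deny", host("10.0.0.5")), Entry("permit", ANY)]
# Extended ACL 100: deny only TCP/80 from that host to 200.0.0.0/24, permit all other IP.
EXTENDED_100 = [
    Entry("deny", host("10.0.0.5"), "tcp", ("200.0.0.0", "0.0.0.255"), 80),
    Entry("permit", ANY, "ip", ANY),
]
# A list with a deny line and no permit: everything else falls to the implicit deny.
DENY_ONLY = [Entry("deny", host("10.0.0.5"))]
```

Running `evaluate(DENY_ONLY, ...)` for any packet returns "deny", which is why the notes end every list with a permit line.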
NAT (Network Address Translation)
- This service converts private IP addresses to public IP addresses.
- It avoids wasting public IP addresses.
- It implements network security.
- Types of NAT:
1. Static
2. Dynamic
3. NAT Overloading or PAT (Port Address Translation)
Static NAT
- One-to-one mapping
- Each private-range IP is provided with its own public-range IP.
Dynamic NAT
- One-to-many mapping
- A pool is created inside the NAT service.
- The pool holds the information about each public IP and its corresponding private IP.
- Each private IP selects its own public IP for communication, with the help of the router.
NAT Overloading or PAT (Port Address Translation)
- Every private IP is translated to one single public IP.
- Each translation is given its own port number in order to avoid conflicts.
Static NAT Configuration
Router(config)#interface FastEthernet 0/0
Router(config-if)#ip nat inside
Router(config)#interface Serial 1/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#ip nat inside source static 10.0.0.1 200.0.0.1
To see the table:
Router#show ip nat translations
Router#show ip nat statistics
Dynamic NAT Configuration
- Access list creation: groups the private IPs in our network.
- Pool creation: creates the pool in which the translations are to be included.
- NAT activation
Create an Access List
Router(config)#access-list 1 permit 10.0.0.0 0.255.255.255

Configure NAT dynamic Pool
Router(config)#ip nat pool pool1 200.0.0.1 200.0.0.254 netmask 255.255.255.0

Link Access List to Pool
Router(config)#ip nat inside source list 1 pool pool1
PAT Configuration
Router#config t
Router(config)#interface Ethernet 0
Router(config-if)#ip nat inside
Router(config)#interface Serial 0
Router(config-if)#ip nat outside
Router(config)#access-list 1 permit 10.0.0.0 0.255.255.255
Router(config)#ip nat inside source list 1 interface Serial 0 overload

For host-to-host ping to succeed, static or dynamic routing must also be configured.

To check translations:
Router#show ip nat translations