SlideShare a Scribd company logo

CCNA ppt Day 7

Download as PPTX, PDF
V
VISHNU N

ACLs (Access Control Lists) are used to control network traffic through routers by permitting or denying traffic based on conditions like source/destination IP addresses. There are two types: standard ACLs filter based on source IP and are configured on destination routers, while extended ACLs filter on source/destination IP and can block specific protocols. NAT (Network Address Translation) converts private IP addresses to public IP addresses to avoid IP address depletion and implement network security through configurations like static, dynamic, or port address translation which maps private ports to a public IP address.

Technology
1 of 16
Downloaded 206 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
ACL (Access Control List)  ACLS’s are used for network security  Conditions for controlling traffics through router is called ACL.  Two conditions are:- 1. Permit 2. Deny  Two types are:- 1. Standard (1-99) 2. Extended (100-199)
Standard ACL  Range 1-99  Standard ACL is configured under destination Router  Source IP is given for Standard ACL  Entire TCP/IP protocol stack is blocked when Deny condition is applied
Configuring Standard ACL  Router(config)#access-list ‘no:’ deny host ‘destination address’  Router(config)#access-list ‘no:’ permit any
Filter Design  Filter is designed at the interface which is nearest to destination in standard ACL  ACL will only be accessible if filter is designed.  Syntax:- Router(config-if)# ip access group ‘access list no:’ ‘in or out ‘
Verifying ACL’s Router #show access-list To remove:- Router(config)#no access-list ‘no:’ Router(config-if)#no ip access group ‘access list no:’ ‘in or out’
Extended ACL  Range- 100-199  Extended ACL is configured under the source router.  Source IP and Destination IP is given for Extended ACL  Each or any protocols could be blocked when Deny condition is applied
Configuring Extended ACL Router(config)#access-list ‘no:’ deny ‘service’ host ‘address’ host ‘address’ Router(config)#access-list ‘no:’ permit ‘service’ host ‘address’ network ‘address’ ‘mask’ For blocking a network- Router(config)#access-list ‘no:’ deny ‘service’ host ‘address’ network ‘address’ ‘mask’ For blocking TCP Router(config)#access-list ‘no:’ deny tcp host ‘address’ network ‘address’ ‘mask’ eq ‘port no:’
Named ACL  ACL’s with name are called Named ACLs.  Syntax:- For Standard Router(config)#ip access-list standard ‘access list name’ Router(config-std-nacl)#deny host ‘address’ Router(config-std-nacl)#permit any For Extended Router(config)#ip access-list extended ‘access list name’ Router(config-std-nacl)#deny ‘service’ host ‘address’ host ‘address’ Router(config-std-nacl)#permit any any
Filter Design Router(config-if)#ip access group ‘access list name:’ ‘in or out’  To verify:- Router#show ip access-list
NAT (Network Address Translation)  This service converts Private IP address to Public IP address  To avoid IP wastage  Implements Network Security.  Types of NAT:- 1. Static 2. Dynamic 3. NAT Overloading or PAT (Port Address Translation)
Static NAT  One to one mapping  Each private range IP is provided with each public range IP
Dynamic NAT  One to many mapping  A pool is created inside the NAT service.  In that it holds the information about public IP and its corresponding Private IP  Each private IP selects its own Public IP for communication with the help of Router
NAT overloading or PAT (Port Address Translation)  Each Private IP is Translated on one single Public IP.  Each one is Provided with Port Numbers in order to avoid conflict.
Static NAT Configuration  Router(config)#Int fast Ethernet 0/0  Router(config-if)# IP NAT inside  Router(config)#Int s 1/0  Router(config-if)# IP NAT outside  Router(config-if)# Exit  Router(config)# ip NAT inside source static 10.0.0.1 200.0.0.1  To see the table  Router(config)#show ip nat translations  Router(config)#show ip nat statistics
Dynamic NAT Configuration  Access list creation- for grouping the private IP’s in our network  Pool creation- Creating pool in which the translations are to be included.  Nat Activation Create an Access List Router(config)# Access-list 1 permit 10.0.0.0 0.255.255.255 Configure NAT dynamic Pool Router(config)# IP NAT pool pool1 200.0.0.1 200.0.0.254 netmask 255.255.255.0 Link Access List to Pool Router(config)# IP NAT inside source list 1 pool pool1
PAT Configuration Router#config t Router(config)# int e 0 Router(config-if)# ip nat inside Router(config)# int s 0 Router(config-if)# ip nat outside Router(config)#access-list 1 permit 10.0.0.0 0.255.255.255 Router(config)#ip nat inside source list 1 interface s 0 overload To see host to host ping configure static or dynamic routing To check translation #show ip nat translations

More Related Content

PPTX
CCNA ppt Day 8
VISHNU N
 
PPTX
CCNA ppt Day 9
VISHNU N
 
PPTX
CCNA ppt Day 4
VISHNU N
 
PPTX
CCNA pptCCNA ppt Day 6
VISHNU N
 
PPTX
CCNA ppt Day 5
VISHNU N
 
PPTX
Ccna PPT2
AIRTEL
 
PPT
Access control list 2
Kishore Kumar
 
PPT
CCNA Routing and Switching Lessons 11-12 - WAN Configuration - Eric Vanderburg
Eric Vanderburg
 
CCNA ppt Day 8
VISHNU N
 
CCNA ppt Day 9
VISHNU N
 
CCNA ppt Day 4
VISHNU N
 
CCNA pptCCNA ppt Day 6
VISHNU N
 
CCNA ppt Day 5
VISHNU N
 
Ccna PPT2
AIRTEL
 
Access control list 2
Kishore Kumar
 
CCNA Routing and Switching Lessons 11-12 - WAN Configuration - Eric Vanderburg
Eric Vanderburg
 

What's hot (20)

PPTX
Лекц 15
Muuluu
 
PPTX
VIRTUAL LANS
anilinvns
 
PPTX
Router configuration in packet tracer
Anabia Anabia
 
DOCX
Cisco router configuration tutorial
IT Tech
 
PDF
Router commands
Akshay Bhardwaj
 
PPTX
Cisco router basic
Tapan Khilar
 
PDF
Ccna Commands In 10 Minutes
CCNAResources
 
PPTX
Manage CISCO IOS
anilinvns
 
PPT
Dynamic routing OSPF 1
Kishore Kumar
 
PPTX
ENHANCED IGRP (EIGRP) AND OPEN SHORTEST PATH FIRST (OSPF)
anilinvns
 
PPTX
INTRODUCTION TO IOS AND CISCO ROUTERS
anilinvns
 
PDF
CCNA - Routing & Switching Commands
Eng. Emad Al-Atoum
 
PPSX
Packet Tracer Tutorial # 2
Abdul Basit
 
PPTX
Router configuration in packet tracer
Anabia Anabia
 
DOC
Cisco switch commands cheat sheet
3Anetwork com
 
PPT
Day 5.3 configuration of router
CYBERINTELLIGENTS
 
PPTX
Лекц 8
Muuluu
 
PPT
Switch configuration
Muuluu
 
PDF
Cisco commands List for Beginners (CCNA, CCNP)
DH Da Lat
 
PPT
Cisco ACL
faust0
 
Лекц 15
Muuluu
 
VIRTUAL LANS
anilinvns
 
Router configuration in packet tracer
Anabia Anabia
 
Cisco router configuration tutorial
IT Tech
 
Router commands
Akshay Bhardwaj
 
Cisco router basic
Tapan Khilar
 
Ccna Commands In 10 Minutes
CCNAResources
 
Manage CISCO IOS
anilinvns
 
Dynamic routing OSPF 1
Kishore Kumar
 
ENHANCED IGRP (EIGRP) AND OPEN SHORTEST PATH FIRST (OSPF)
anilinvns
 
INTRODUCTION TO IOS AND CISCO ROUTERS
anilinvns
 
CCNA - Routing & Switching Commands
Eng. Emad Al-Atoum
 
Packet Tracer Tutorial # 2
Abdul Basit
 
Router configuration in packet tracer
Anabia Anabia
 
Cisco switch commands cheat sheet
3Anetwork com
 
Day 5.3 configuration of router
CYBERINTELLIGENTS
 
Лекц 8
Muuluu
 
Switch configuration
Muuluu
 
Cisco commands List for Beginners (CCNA, CCNP)
DH Da Lat
 
Cisco ACL
faust0
 
Ad

Viewers also liked (19)

DOCX
How to configure vlan, stp, dtp step by step guide
IT Tech
 
PPT
CCNA 2
Asish Verma
 
DOC
Ccna 3 chapter 1 v4.0 answers 2011
Dân Chơi
 
PPTX
ppt on 6 weeks summer training
Pulkit Mahajan
 
PDF
NAT Ccna
singhsukdeep
 
PPTX
CCNA ppt Day 3
VISHNU N
 
PPT
CCNA part 7 acl
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
PPT
Chapter10ccna
ernestlithur
 
PDF
ccna project
Amardeep Singh Brar
 
PPTX
Ccna PPT
AIRTEL
 
PPTX
6 weeks/months project training from CMC Faridabad - Ppt of ccna project from...
thesakshi12
 
PPT
CCNA Security 010-configuring cisco asa
Ahmed Habib
 
PPT
CCNA Security 07-Securing the local area network
Ahmed Habib
 
PPT
CCNA Security 05- securing the management plane
Ahmed Habib
 
PPT
Network Security - Layer 2
samis
 
PDF
CCNAv5 - S2: Chapter 9 Access Control Lists
Vuz Dở Hơi
 
PPT
CCNA Security 06- AAA
Ahmed Habib
 
PPT
CCNA Security 03- network foundation protection
Ahmed Habib
 
PPTX
Network address translation
Varsha Honde
 
How to configure vlan, stp, dtp step by step guide
IT Tech
 
CCNA 2
Asish Verma
 
Ccna 3 chapter 1 v4.0 answers 2011
Dân Chơi
 
ppt on 6 weeks summer training
Pulkit Mahajan
 
NAT Ccna
singhsukdeep
 
CCNA ppt Day 3
VISHNU N
 
CCNA part 7 acl
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Chapter10ccna
ernestlithur
 
ccna project
Amardeep Singh Brar
 
Ccna PPT
AIRTEL
 
6 weeks/months project training from CMC Faridabad - Ppt of ccna project from...
thesakshi12
 
CCNA Security 010-configuring cisco asa
Ahmed Habib
 
CCNA Security 07-Securing the local area network
Ahmed Habib
 
CCNA Security 05- securing the management plane
Ahmed Habib
 
Network Security - Layer 2
samis
 
CCNAv5 - S2: Chapter 9 Access Control Lists
Vuz Dở Hơi
 
CCNA Security 06- AAA
Ahmed Habib
 
CCNA Security 03- network foundation protection
Ahmed Habib
 
Network address translation
Varsha Honde
 
Ad

Similar to CCNA ppt Day 7 (20)

PPT
Chapter10ccna
robertoxe
 
PDF
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Shu Shin
 
PDF
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Shu Shin
 
PPT
Chapter10ccna
Lakshan Perera
 
PPT
Ciso ospf
myciokas
 
DOC
Cisco router command configuration overview
3Anetwork com
 
PPT
Ciso 4 ospf
myciokas
 
DOCX
1 SEC450 ACL Tutorial This document highlights.docx
dorishigh
 
PPTX
Network Design on cisco packet tracer 6.0
Saurav Pandey
 
PDF
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
adityacommunication1
 
PPT
In depth understanding network security
Thanawan Tuamyim
 
DOCX
Router Commands Overview
Muhammed Niyas
 
DOCX
Ccnacommand 140205001152-phpapp01
A.S.M Shmimul Islam.
 
PDF
Basic cisco commands_by_marcus_nielson_2
MAFANTIRI SELLO
 
PDF
Ciso commands
MAFANTIRI SELLO
 
PDF
Ciso commands
MAFANTIRI SELLO
 
PPTX
Lan Network with Redundancy.ppt
Santanu Mukhopadhyay
 
PPTX
Lan Network with Redundancy
Santanu Mukherjee
 
DOCX
Student Name _________________________________ Date _____________SE.docx
emelyvalg9
 
PPTX
Cisco CCNA-Standard Access List
Hamed Moghaddam
 
Chapter10ccna
robertoxe
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Shu Shin
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
Shu Shin
 
Chapter10ccna
Lakshan Perera
 
Ciso ospf
myciokas
 
Cisco router command configuration overview
3Anetwork com
 
Ciso 4 ospf
myciokas
 
1 SEC450 ACL Tutorial This document highlights.docx
dorishigh
 
Network Design on cisco packet tracer 6.0
Saurav Pandey
 
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
adityacommunication1
 
In depth understanding network security
Thanawan Tuamyim
 
Router Commands Overview
Muhammed Niyas
 
Ccnacommand 140205001152-phpapp01
A.S.M Shmimul Islam.
 
Basic cisco commands_by_marcus_nielson_2
MAFANTIRI SELLO
 
Ciso commands
MAFANTIRI SELLO
 
Ciso commands
MAFANTIRI SELLO
 
Lan Network with Redundancy.ppt
Santanu Mukhopadhyay
 
Lan Network with Redundancy
Santanu Mukherjee
 
Student Name _________________________________ Date _____________SE.docx
emelyvalg9
 
Cisco CCNA-Standard Access List
Hamed Moghaddam
 

Recently uploaded (20)

PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Encapsulation theory and applications.pdf
gurumoop
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
KodekX | Application Modernization Development
KodekX
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 

CCNA ppt Day 7

  • 1. ACL (Access Control List)  ACLS’s are used for network security  Conditions for controlling traffics through router is called ACL.  Two conditions are:- 1. Permit 2. Deny  Two types are:- 1. Standard (1-99) 2. Extended (100-199)
  • 2. Standard ACL  Range 1-99  Standard ACL is configured under destination Router  Source IP is given for Standard ACL  Entire TCP/IP protocol stack is blocked when Deny condition is applied
  • 3. Configuring Standard ACL  Router(config)#access-list ‘no:’ deny host ‘destination address’  Router(config)#access-list ‘no:’ permit any
  • 4. Filter Design  Filter is designed at the interface which is nearest to destination in standard ACL  ACL will only be accessible if filter is designed.  Syntax:- Router(config-if)# ip access group ‘access list no:’ ‘in or out ‘
  • 5. Verifying ACL’s Router #show access-list To remove:- Router(config)#no access-list ‘no:’ Router(config-if)#no ip access group ‘access list no:’ ‘in or out’
  • 6. Extended ACL  Range- 100-199  Extended ACL is configured under the source router.  Source IP and Destination IP is given for Extended ACL  Each or any protocols could be blocked when Deny condition is applied
  • 7. Configuring Extended ACL Router(config)#access-list ‘no:’ deny ‘service’ host ‘address’ host ‘address’ Router(config)#access-list ‘no:’ permit ‘service’ host ‘address’ network ‘address’ ‘mask’ For blocking a network- Router(config)#access-list ‘no:’ deny ‘service’ host ‘address’ network ‘address’ ‘mask’ For blocking TCP Router(config)#access-list ‘no:’ deny tcp host ‘address’ network ‘address’ ‘mask’ eq ‘port no:’
  • 8. Named ACL  ACL’s with name are called Named ACLs.  Syntax:- For Standard Router(config)#ip access-list standard ‘access list name’ Router(config-std-nacl)#deny host ‘address’ Router(config-std-nacl)#permit any For Extended Router(config)#ip access-list extended ‘access list name’ Router(config-std-nacl)#deny ‘service’ host ‘address’ host ‘address’ Router(config-std-nacl)#permit any any
  • 9. Filter Design Router(config-if)#ip access group ‘access list name:’ ‘in or out’  To verify:- Router#show ip access-list
  • 10. NAT (Network Address Translation)  This service converts Private IP address to Public IP address  To avoid IP wastage  Implements Network Security.  Types of NAT:- 1. Static 2. Dynamic 3. NAT Overloading or PAT (Port Address Translation)
  • 11. Static NAT  One to one mapping  Each private range IP is provided with each public range IP
  • 12. Dynamic NAT  One to many mapping  A pool is created inside the NAT service.  In that it holds the information about public IP and its corresponding Private IP  Each private IP selects its own Public IP for communication with the help of Router
  • 13. NAT overloading or PAT (Port Address Translation)  Each Private IP is Translated on one single Public IP.  Each one is Provided with Port Numbers in order to avoid conflict.
  • 14. Static NAT Configuration  Router(config)#Int fast Ethernet 0/0  Router(config-if)# IP NAT inside  Router(config)#Int s 1/0  Router(config-if)# IP NAT outside  Router(config-if)# Exit  Router(config)# ip NAT inside source static 10.0.0.1 200.0.0.1  To see the table  Router(config)#show ip nat translations  Router(config)#show ip nat statistics
  • 15. Dynamic NAT Configuration  Access list creation- for grouping the private IP’s in our network  Pool creation- Creating pool in which the translations are to be included.  Nat Activation Create an Access List Router(config)# Access-list 1 permit 10.0.0.0 0.255.255.255 Configure NAT dynamic Pool Router(config)# IP NAT pool pool1 200.0.0.1 200.0.0.254 netmask 255.255.255.0 Link Access List to Pool Router(config)# IP NAT inside source list 1 pool pool1
  • 16. PAT Configuration Router#config t Router(config)# int e 0 Router(config-if)# ip nat inside Router(config)# int s 0 Router(config-if)# ip nat outside Router(config)#access-list 1 permit 10.0.0.0 0.255.255.255 Router(config)#ip nat inside source list 1 interface s 0 overload To see host to host ping configure static or dynamic routing To check translation #show ip nat translations