Showing posts with label ACL. Show all posts

Wednesday, May 25, 2016

ACLs by Country

Have you ever wanted to create an ACL by country?  There are a number of different ways you can go about it.  Certain models of firewalls have this functionality built in.  IOS based routers and ASA firewalls have no such capability, so we'll have to do this a bit more manually.  I'll present two methods. The first method is detailed here.  In this post, wget goes out...

Wednesday, April 13, 2016

Resequencing an ACL

Here's a quick post on a very useful command when working with ACLs.  I first heard about it while watching a CBT Nugget video, and I can say that it was definitely not covered in the NetAcad curriculum when I went through the classes, because I remember bringing it up to the instructor and it was news to him. So let's begin by setting the scenario.  You have the following ACL: show ip...

Wednesday, April 6, 2016

Reflexive ACLs on IOS Routers

In a nutshell, reflexive ACLs allow packets to be evaluated based on upper layer session information. You use reflexive ACLs in order to permit the return traffic from an established session, but deny all other traffic in that direction.  For example, you open up a browser and establish an HTTPS session with www.awesomewebsite.com.  Now obviously, you want the return traffic from the server...

Wednesday, March 16, 2016

Shortening ACLs

There are two main ways of shortening ACLs and improving their readability or performance. As you know, ACLs can grow to include hundreds of ACEs and cover many pages when printed.  So any way of minimizing the number of ACEs present may be welcomed.   A shorter ACL will consume less flash memory in the form of the startup configuration, less RAM in the form of the running configuration,...

Saturday, December 3, 2011

Building an ACL

The different types of ACLs are first identified by the line number used. Standard IP ACLs use numbers in the range of 1 – 99 and 1300 – 1999. Extended ACLs use numbers in the range 100 – 199 and 2000 – 2699. Other types of ACLs which filter traffic utilizing other protocols such as AppleTalk, DECnet, IPX, and XNS use other number ranges; however, those are rarely used today. Named ACLs of course do...