Options
ACL Query ?
satishtech
Member Posts: 243
in CCNA & CCENT
Do I need to know all the sub options in ACL's for the CCENT exam ?
Options such as :
dscp
established
ack,fin,rst,psh,syn
fragments
neq
tos
time-range
urg
[ log and log-input are required , but what about the above ]
ahp
eigrp
esp
gre
icmp
ip
ospf
tcp
udp
[tcp,udp,icmp,ip is OK what about the rest ? ]
Also like in ICMP there are various sub options .
Router(config)#access-list 100 deny icmp host 192.168.10.100 host 192.168.1.100 ?
<0-256> type-num
echo Echo (ping)
echo-reply Echo reply
host-unreachable Host unreachable
net-unreachable Net unreachable
port-unreachable Port unreachable
protocol-unreachable Protocol unreachable
ttl-exceeded TTL exceeded
unreachable All unreachables
<cr>
and do I need to know remember all the well known port number 0 - 1023 ?
kindly advice ?
any ACL lab guides ?
[also to block access to an email server , blocking ports 25 and 110 is that enough ? ]
Options such as :
dscp
established
ack,fin,rst,psh,syn
fragments
neq
tos
time-range
urg
[ log and log-input are required , but what about the above ]
ahp
eigrp
esp
gre
icmp
ip
ospf
tcp
udp
[tcp,udp,icmp,ip is OK what about the rest ? ]
Also like in ICMP there are various sub options .
Router(config)#access-list 100 deny icmp host 192.168.10.100 host 192.168.1.100 ?
<0-256> type-num
echo Echo (ping)
echo-reply Echo reply
host-unreachable Host unreachable
net-unreachable Net unreachable
port-unreachable Port unreachable
protocol-unreachable Protocol unreachable
ttl-exceeded TTL exceeded
unreachable All unreachables
<cr>
and do I need to know remember all the well known port number 0 - 1023 ?
kindly advice ?
any ACL lab guides ?
[also to block access to an email server , blocking ports 25 and 110 is that enough ? ]
Comments
-
Options
ccnpninja
Member Posts: 1,010 ■■■□□□□□□□
For CCENT, I don't think so. These are advanced options. Learn the basic use of ACLs and where to put them.my blog:https://keyboardbanger.com -
Optionssatishtech
Member Posts: 243
Dear Ninja (and everybody) kindly tell me the basic usage of ACL's
I mean where do I draw the line ? eq gt lt neq range ?
Dear Ninja can you elaborate on 'where to put acl's ' ? placement tips ?
also do I need to know all the port numbers ? -
Options
networker050184
Mod Posts: 11,962 Mod
Look through the CCENT exam objectives and make sure you learn everything there and you will be fine.An expert is a man who has made all the mistakes which can be made. -
Optionsfredrikjj
Member Posts: 879
satishtech wrote: »Dear Ninja (and everybody) kindly tell me the basic usage of ACL's
I mean where do I draw the line ? eq gt lt neq range ?
Dear Ninja can you elaborate on 'where to put acl's ' ? placement tips ?
also do I need to know all the port numbers ?
First look at the standard ACL. What does it do? How do you configure it? What are the limitations? Then look at extended ACL. Make sure that you understand that you can match on both source and destination, and also port numbers. Know how to work with wildcards. Understand a basic implementation like "Users in subnet 192.168.1.0/25 should not be able to access the web server at 10.12.45.6. The web server is using the standard port for http. Apply this ACL at an appropriate interface on Router 3. All non-http traffic should be allowed". The official certification guide should also contain roughly what you are expected to know so check that out as well.