From the course: Cisco CCNA (200-301) Cert Prep: 3 Security, Automation, and Programmability
Extended ACLs
- [Narrator] I always utilized extended ACLs when possible. They offer more flexibility as they can match more portions of the packet header, which means greater granularity. Extended ACLs configure similarly to standard ACLs, at least at first. Their number ranges are from 100 to 199 and 2000 to 2699. The command structure begins access-list, number, permit or deny, then it changes. After this, a protocol is specified, like TCP, UDP, ICMP or IP. Next is source address and wildcard masks, then destination and wildcard masks. An extended ACL entry that will allow any ICMP would be config t, access-list 101 permit icmp any any. Here, I specified the ACL command, then the number, permit to allow, ICMP is the protocol type, then any source and any destination. If I also wanted to deny any UDP, it would be access-list 101 deny UDP any to any. I could be more specific with addressing, like access-list 101 deny UDP host 192.168.1.1 to network 10.0.0.0 0.0.0.255. This will filter 192.168.1.1 from…
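
The entry structure described in the narration, worked through as an added example (not part of the course material): a small Python evaluator that parses extended ACL entries and applies first-match and wildcard-mask logic to sample packets. The function names, the test packets, and the reading of the last entry as network 10.0.0.0 with wildcard 0.0.0.255 are assumptions; port operators are not handled.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":                      # any  = 0.0.0.0 255.255.255.255
        return 0, 0xFFFFFFFF
    if first == "host":                     # host A = A 0.0.0.0
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))   # explicit address + wildcard mask

def parse_entry(line):
    """Parse 'access-list <n> permit|deny <proto> <src> <dst>'."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError("not an access-list entry: " + line)
    number, action, proto = int(tokens[1]), tokens[2], tokens[3]
    if not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError("%d is not an extended ACL number" % number)
    if action not in ("permit", "deny") or proto not in ("ip", "tcp", "udp", "icmp"):
        raise ValueError("unsupported action or protocol: " + line)
    rest = tokens[4:]
    src = parse_addr(rest)
    dst = parse_addr(rest)
    if rest:
        raise ValueError("unsupported trailing tokens: " + " ".join(rest))
    return action, proto, src, dst

def addr_matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF           # wildcard 0-bits must match exactly
    return (_ip(addr) & care) == (base & care)

def evaluate(acl, proto, src, dst):
    """First match wins; return (action, 1-based entry number or None)."""
    for n, (action, acl_proto, s, d) in enumerate(acl, 1):
        if acl_proto in ("ip", proto) and addr_matches(src, s) and addr_matches(dst, d):
            return action, n
    return "deny", None                     # implicit deny that ends every ACL

# Constructed input: two entries from the narration, written in IOS syntax.
ACL_101 = [parse_entry(line) for line in (
    "access-list 101 permit icmp any any",
    "access-list 101 deny udp host 192.168.1.1 10.0.0.0 0.0.0.255",
)]
```

With only these two entries, traffic that matches neither line is still dropped by the implicit deny, so `evaluate` returns `None` as the entry number to distinguish that case from an explicit deny.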