Discover the additional matching capabilities and configuration of extended ACLs.
- [Narrator] I always utilized extended ACLs when possible. … They offer more flexibility as they can match … more portions of the packet header, … which means greater granularity. … Extended ACLs configure similarly to standard ACLs, … at least at first. … Their number ranges are from 100 to 199 and 2000 to 2699. … The command structure begins access list number … perimeter nine, then it changes. … After this a protocol is specified … like TCP, UDP, ICMP or IP. … Next, is source address and wildcard masks … then destination and wildcard masks. … An extended ACL entry that will allow any ICMP … would be config t, access list 101 permit icmp any any. … Here, I specified the ACL command, … then the number, permit to allow, ICMP is the protocol type, … then any source and any destination. … If I also wanted to deny any UDP, … it would be access list 101 deny UDP any to any. … I could be more specific with addressing like … access list 101 deny UDP host 192.168.1.1 … to network 10.0.0.0.0.0.0.255. …
Note: A complete overview of the exam and registration instructions can be found at https://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/ccna-200-301.html.
- Elements of a robust security program
- Password policy
- Access control lists
- Dynamic ARP Inspection (DAI)
- Software-defined networking
- Software-Defined Access (SDA)
- Rest APIs
- Automation platforms