IP Access List Written Notes

These are my ‘crib notes’ that I’ve made to serve as a last minute refresher. Please forgive the grammer / spelling as I did not develop these notes with publishing in mind

IP Access Lists

*** Theory ****

  • Access List: Runs top to bottom. Implicit deny at the end at stop at match like a FW. Put common rules at top for lesser overheads.
  • Standard list – Need to place as close to the destination router
  • Extended List: uses more specifics but more overheads and close to the source as possible. Extended is better as  it doesn’t waste bandwidth by going all the way to the destination
  • Named Access Lists: puts sequence numbers in access lists so you can add and remove when needed
    • Use “ip” so, ip access-list extended DEMO then hit return1
  • Dynamic Access List: access list that requires user to authenticate.
    • Access-list 101 permit tcp any host 192.168.1.3 eq telnet
      • Need to telnet in and authenticate
  • Access-list 101 dynamic DEMO timeout 120 (cuts them off even not idle) permit ip any any
  • Line vty # autocommand access-enable host timeout 1
    • Without the host keyword, it will allow the whole subnet through! Becareful!
    • Timeout is idle timeout
    • Time based access list: Can set a time
      • Config# time range HTTP_LUNCH
      • # absolute
      • # period – allowes for a number of times e.g. every Monday to Friday 12pm to 1pm
      • Then add time-range command to the access list

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: