0% found this document useful (0 votes)

124 views14 pages

Access Control Lists: Huawei Technologies Co., LTD

Uploaded by

Nour Letaief

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

124 views14 pages

Access Control Lists: Huawei Technologies Co., LTD

Uploaded by

Nour Letaief

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 14

Access Control Lists

HUAWEI TECHNOLOGIES CO., LTD.
Foreword

Many technologies and protocols depend on Access Control Lists (ACL)

for greater management and filtering of traffic as part of security
measures or application requirements. The implementation of ACL in
support of other technologies, and as a form of security are required to be
understood, and as such common forms of ACL solutions are introduced.

Upon completion of this section, trainees will be able to:

 Describe the applications for ACL in the enterprise network.

 Explain the decision making behavior of Access Control Lists.

 Successfully implement Basic and Advanced Access Control Lists.

.1 192.168.1.0/24 .2

G0/0/0

G0/0/1 Server A
.1 192.168.2.0/24 .2

 Packets are filtered based on addresses and parameters.

 Rules allow packets to be either permitted or denied.

.1 192.168.1.0/24 .2
Data Data
No Match

G0/0/0

Match
Data Encrypted
.1 192.168.2.0/24 .2
Data

 Packets can be filtered to manipulate behavior and actions.

 Parameters and forwarding behavior can be altered as a result.

Types Value Ranges Parameters

Basic 2000-2999 Source IP
Source & Destination IP, Protocol, Source &
Advanced 3000-3999
Destination Port
Layer 2 ACL 4000-4999 MAC Address

 Three forms of ACL can be applied to AR2200 series routers.

 Parameters for packet filtering vary for each ACL type.

acl 2000
rule 5 deny source 192.168.1.0 0.0.0.255
If no match

rule 10 deny source 192.168.2.0 0.0.0.255

If no match

rule 15 deny source 172.16.0.0 0.0.0.255

172.16.0.0/24
RTA If no match

rule 20 permit source any

172.16.1.0/24

 Rules are used to manage the decision process for each ACL.

Host A

200.10.10.1/24

RTA
192.168.1.1/24
G0/0/0
Host B

192.168.2.1/24

[RTA]acl 2000
[RTA-acl-basic-2000]rule deny source 192.168.1.0 0.0.0.255
[RTA-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[RTA]interface GigabitEthernet 0/0/0
[RTA-GigabitEthernet0/0/0]traffic-filter outbound acl 2000

Host A> ping 200.10.10.1

Ping 200.10.10.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
...

[RTA]display acl 2000

Basic ACL 2000, 2 rules
Acl's step is 5
rule 5 deny source 192.168.1.0 0.0.0.255 (5 matches)
rule 10 permit source 192.168.2.0 0.0.0.255

 The rules and matching order can be verified for each ACL.

 Basic ACL rules are matched based on each source IP address.

Host A
FTP Server
172.16.10.1/24

RTA
192.168.1.1/24
G0/0/1
Host B Private Server

192.168.2.1/24 172.16.10.2/24

[RTA]acl 3000
[RTA-acl-adv-3000]rule deny tcp source 192.168.1.0 0.0.0.255
destination 172.16.10.1 0.0.0.0 destination-port eq 21
[RTA-acl-adv-3000] rule deny ip source 192.168.2.0 0.0.0.255
destination 172.16.10.2 0.0.0.0
[RTA-GigabitEthernet0/0/1]traffic-filter inbound acl 3000

[RTA]display acl 3000

Advanced ACL 3000, 2 rules
Acl's step is 5
rule 5 deny tcp source 192.168.1.0 0.0.0.255 destination 172.16.10.1 0
destination-port eq ftp
rule 10 deny ip source 192.168.2.0 0.0.0.255 destination 172.16.10.2 0

 Advanced ACL rules defined in the range of 3000-3999 add

complexity due to the number of parameters used for filtering.

Private IP Match ACL Public IP

NAT
RTA
192.168.1.1/24
G0/0/0
Host B

[RTA] nat address-group 1 202.110.10.8 202.110.10.15

[RTA] nat address-group 2 202.115.60.1 202.115.60.30
192.168.2.1/24
[RTA] acl 2000
[RTA-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[RTA] acl 2001
[RTA-acl-basic-2001] rule permit source 192.168.2.0 0.0.0.255
[RTA] interface GigabitEthernet 0/0/0
[RTA-GigabitEthernet0/0/0] nat outbound 2000 address-group 1
[RTA-GigabitEthernet0/0/0] nat outbound 2001 address-group 2

 The advanced access control list is capable of filtering traffic based on

which attributes?

 Once an ACL rule is matched to a condition, what action is taken?

01-04 ACL Configuration
No ratings yet
01-04 ACL Configuration
133 pages
01-02 ACL Configuration
No ratings yet
01-02 ACL Configuration
122 pages
01-02 ACL Configuration
No ratings yet
01-02 ACL Configuration
146 pages
CH3 Sécurité
No ratings yet
CH3 Sécurité
40 pages
Acls and Firewall Technologies
No ratings yet
Acls and Firewall Technologies
64 pages
12- ACL Principles and Configuration
No ratings yet
12- ACL Principles and Configuration
25 pages
Lesson12-ACL Principles and Configuration
No ratings yet
Lesson12-ACL Principles and Configuration
31 pages
Day+34+Slides+ +Standard+ACLs
No ratings yet
Day+34+Slides+ +Standard+ACLs
30 pages
12 ACL Principles and Configuration
No ratings yet
12 ACL Principles and Configuration
27 pages
11 Routing Policy and Route Control
No ratings yet
11 Routing Policy and Route Control
52 pages
14 ACL Principles and Configuration
No ratings yet
14 ACL Principles and Configuration
23 pages
N-unit 15 Lesson 1
No ratings yet
N-unit 15 Lesson 1
32 pages
C# Notes PDF
No ratings yet
C# Notes PDF
1,400 pages
HC110110027 Access Control Lists
No ratings yet
HC110110027 Access Control Lists
14 pages
Dis4 Lab 1.3.4.4 Answer
100% (2)
Dis4 Lab 1.3.4.4 Answer
11 pages
25.security Basics - ACL Principles
No ratings yet
25.security Basics - ACL Principles
21 pages
09-Security-and-Traffic-Management
No ratings yet
09-Security-and-Traffic-Management
39 pages
Malandro
No ratings yet
Malandro
480 pages
Access Control Layer (ACL)
No ratings yet
Access Control Layer (ACL)
21 pages
Huawei Access-Lists (ACL)
No ratings yet
Huawei Access-Lists (ACL)
6 pages
ACLs.pdf
No ratings yet
ACLs.pdf
16 pages
10-ACL
No ratings yet
10-ACL
64 pages
Access Control Lists (ACL)
No ratings yet
Access Control Lists (ACL)
2 pages
Lec 09,10 - Access Control Lists
No ratings yet
Lec 09,10 - Access Control Lists
21 pages
5 1 8 PDF
100% (1)
5 1 8 PDF
7 pages
Modul 5 Access Control List PDF
No ratings yet
Modul 5 Access Control List PDF
48 pages
NetFasteR IAD 2 English User Manual
0% (1)
NetFasteR IAD 2 English User Manual
114 pages
Exploration Accessing WAN Chapter5
No ratings yet
Exploration Accessing WAN Chapter5
36 pages
Practical 4
No ratings yet
Practical 4
12 pages
CCNAv3.3 210
No ratings yet
CCNAv3.3 210
52 pages
Access Control List
No ratings yet
Access Control List
9 pages
Chapter 8 Access Control Lists (ACL)
No ratings yet
Chapter 8 Access Control Lists (ACL)
47 pages
Chapter 4:implementing Firewall Technologies
No ratings yet
Chapter 4:implementing Firewall Technologies
115 pages
Clase 17. Packet Filtering
No ratings yet
Clase 17. Packet Filtering
70 pages
HC110110027 Access Control Lists
No ratings yet
HC110110027 Access Control Lists
14 pages
2 ACL Theory Standard Extended Named
No ratings yet
2 ACL Theory Standard Extended Named
7 pages
Access Control Lists: Huawei Technologies Co., LTD
No ratings yet
Access Control Lists: Huawei Technologies Co., LTD
14 pages
ACL_pricipios20
No ratings yet
ACL_pricipios20
7 pages
A Experiment No.1
No ratings yet
A Experiment No.1
49 pages
Introducing ACL Operation: Access Control Lists
No ratings yet
Introducing ACL Operation: Access Control Lists
17 pages
Access Control List
No ratings yet
Access Control List
17 pages
CCNA 2 v7 Modules 14
No ratings yet
CCNA 2 v7 Modules 14
33 pages
ACL Part-1
No ratings yet
ACL Part-1
6 pages
Exoc Module 15 Network Troubleshooting PDF
No ratings yet
Exoc Module 15 Network Troubleshooting PDF
86 pages
ComNet CWGE26FX2TX24MSPOE Instruction Manual
No ratings yet
ComNet CWGE26FX2TX24MSPOE Instruction Manual
138 pages
Soal-03 Packet Tracer - Configuring Standard ACLs - Reza Ramadhan - KeamananJaringan - AC
No ratings yet
Soal-03 Packet Tracer - Configuring Standard ACLs - Reza Ramadhan - KeamananJaringan - AC
4 pages
Acls
No ratings yet
Acls
6 pages
Data Link Layer
No ratings yet
Data Link Layer
53 pages
Access Control List
No ratings yet
Access Control List
6 pages
ClearPass QuickConnect 2.0.2 User Guide
No ratings yet
ClearPass QuickConnect 2.0.2 User Guide
26 pages
week 4 to 5 (1)
No ratings yet
week 4 to 5 (1)
16 pages
ACL Fundamentals
No ratings yet
ACL Fundamentals
44 pages
Why Use Access Control Lists (ACL)
No ratings yet
Why Use Access Control Lists (ACL)
5 pages
Access Control List
No ratings yet
Access Control List
7 pages
Internet Security
No ratings yet
Internet Security
34 pages
Sikandar CCIE-RS-v5-Security Workbook PDF
100% (2)
Sikandar CCIE-RS-v5-Security Workbook PDF
187 pages
ACL2
No ratings yet
ACL2
88 pages
ACL (Access Control List)
No ratings yet
ACL (Access Control List)
6 pages
Access Control Lists: Security
No ratings yet
Access Control Lists: Security
7 pages
Sophos FW IPS Alerts
No ratings yet
Sophos FW IPS Alerts
25 pages
7.2.1.6 Packet Tracer Configuring Numbered Standard IPv4 ACLs Instructions - ILM
No ratings yet
7.2.1.6 Packet Tracer Configuring Numbered Standard IPv4 ACLs Instructions - ILM
4 pages
BRKACI-2642-Layer 3 Outs
No ratings yet
BRKACI-2642-Layer 3 Outs
100 pages
Workshop Guide - Activity 12
No ratings yet
Workshop Guide - Activity 12
3 pages
CCNA 200-301 Official Cert Guide, Volume 2-28
No ratings yet
CCNA 200-301 Official Cert Guide, Volume 2-28
3 pages
004 Secruity-IP Services-CCNA PDF
No ratings yet
004 Secruity-IP Services-CCNA PDF
204 pages
9.2.1.10 Packet Tracer Configuring Standard ACLs Instructions
No ratings yet
9.2.1.10 Packet Tracer Configuring Standard ACLs Instructions
4 pages
Route Selection and Control On NE Series Routers
No ratings yet
Route Selection and Control On NE Series Routers
79 pages
Ace Tacacs and Radius
No ratings yet
Ace Tacacs and Radius
28 pages
Wireless Security Protocols WPA3 A Systematic Literature Review
No ratings yet
Wireless Security Protocols WPA3 A Systematic Literature Review
13 pages
1 - Unit 2 Assignment 2
No ratings yet
1 - Unit 2 Assignment 2
17 pages
CCNA ACL Cheat Sheet Updated
No ratings yet
CCNA ACL Cheat Sheet Updated
3 pages
Access Control List: Inbound Acls
No ratings yet
Access Control List: Inbound Acls
17 pages
NAT PAT Overview
No ratings yet
NAT PAT Overview
22 pages
K Minolta List CSRC Errors
No ratings yet
K Minolta List CSRC Errors
3 pages
NSE4 5.4 Exam 2019
No ratings yet
NSE4 5.4 Exam 2019
19 pages
CCNA Certification Study Guide Volume 2: Exam 200-301 v1.1
From Everand
CCNA Certification Study Guide Volume 2: Exam 200-301 v1.1
Todd Lammle
5/5 (1)
1017-09-018, Rev. 0 - miniiSED Communication Protocol
No ratings yet
1017-09-018, Rev. 0 - miniiSED Communication Protocol
16 pages
ACI Multi-Pod White Paper
No ratings yet
ACI Multi-Pod White Paper
43 pages
DS-2CD1047G2H-LIUF Datasheet 20230927
No ratings yet
DS-2CD1047G2H-LIUF Datasheet 20230927
5 pages
Fortigate Labs
No ratings yet
Fortigate Labs
7 pages
About The Virtual Private Network (VPN) - Information Systems & Technology - University of Waterloo
No ratings yet
About The Virtual Private Network (VPN) - Information Systems & Technology - University of Waterloo
4 pages
Overview 3. Checklist 5. Link Fault Pass Through (LFP) : Link Loss Return (LLR)
No ratings yet
Overview 3. Checklist 5. Link Fault Pass Through (LFP) : Link Loss Return (LLR)
2 pages
2524 Lacp
No ratings yet
2524 Lacp
6 pages
Enable The Real-Time Attachment Scanning For Outgoing Mail Sent Via The Web Client - Zimbra - Tech Center
No ratings yet
Enable The Real-Time Attachment Scanning For Outgoing Mail Sent Via The Web Client - Zimbra - Tech Center
2 pages
Bock Whatsapp
No ratings yet
Bock Whatsapp
4 pages
Fmux160 80
No ratings yet
Fmux160 80
2 pages
X6U High-End IP Phone-X6U Datasheet-1
No ratings yet
X6U High-End IP Phone-X6U Datasheet-1
2 pages
Hack Telnet
No ratings yet
Hack Telnet
10 pages
WAN TECHNOLOGY FRAME-RELAY: An Expert's Handbook of Navigating Frame Relay Networks
From Everand
WAN TECHNOLOGY FRAME-RELAY: An Expert's Handbook of Navigating Frame Relay Networks
Mamta Devi
No ratings yet
CompTIA Network+ CertMike: Prepare. Practice. Pass the Test! Get Certified!: Exam N10-008
From Everand
CompTIA Network+ CertMike: Prepare. Practice. Pass the Test! Get Certified!: Exam N10-008
Mike Chapple
No ratings yet