Access Control Lists (ACLs) for Cisco CCNA 200-125/100-105

Selecting specific traffic as it flows through a network is valuable to make networks function in a predictable way. This course will walk you through the operation, implementation, and troubleshooting of standard and extended access control lists.
Course info
Rating
(30)
Level
Intermediate
Updated
Nov 21, 2016
Duration
2h 37m
Description

Access Control Lists (ACLs) are an important and useful tool on a data network. ACLs allow an administrator to select traffic and filter traffic as it flows through a network. In this course, Access Control Lists (ACLs) for Cisco CCNA 200-125/100-105, you will first examine how standard and extended IPv4 access lists operate. Next, you'll learn how to implement each type of list on a router. Finally, you'll explore common errors and how to troubleshoot ACLs using Wireshark. By the end of this course, you will be able to write your own access control lists to filter whatever traffic you want to either permit or deny on your networks.

About the author

For nearly 20 years, Ross has taught and managed data networks.

Section Introduction Transcripts

Course Overview
Hi, everyone, my name is Ross Bagurdes, and welcome to my course, Access Control Lists. I'm a network engineer with 20 years' experience building and managing enterprise networks and teaching people about them. Access control lists are one of a network engineer's greatest tools to manipulate traffic flow on a network. Understanding ACLs will allow you to manage a network, contain malicious traffic, and restrict access to devices and services. In this course, we will learn about standard and access control lists and how they can be applied to interfaces and other functions on a router. By the end of this course, you will be able to use Wireshark to build and implement an access control list, as well as having a method to troubleshoot ACLs that are not functioning as desired. Before beginning this course, you should definitely be familiar with IP addressing, packet headers, TCP and UDP segments and their headers, as well as how packets are routed through a network. And all this information can be learned in previous videos in this CCNA training series. From here you should feel comfortable diving into the Network Address Translation course. I hope you'll join me on this journey to learn standard and extended access control lists with the Access Control List course at Pluralsight.

Standard ACLs
Welcome to Pluralsight, I'm Ross Bagurdes. This module is Standard Access Control Lists. Our goals this module are to discuss standard Access Control Lists and take it a step further than what we've already discussed in that introductory section that we just looked at. Next, we're going to look at the wildcard mask. Now the wildcard mask is a bit of a goofy numerical value, but we're going to break it down and find out how simple it actually can be. And we can use that wildcard mask to select a range of addresses for our Access Control Lists. It's something that I did not discuss in the first module when we talked about introducing these Access Control Lists. We're going to look at the syntax of the command so we understand how we implement Access Control Lists. And then I want to actually demonstrate an Access Control List on a Cisco router, so that we can actually see how it behaves.

Extended ACLs
Welcome to Pluralsight. I'm Ross Bagurdes. This next module, we're going to take the access control list course to the next level and talk about extended access control lists. The goals this module are to look at the extended access list selection criteria, which is much more sophisticated than what we saw with the standard access control list. We're going to go through an extended control list example just like we did with standard, but in order to do that, we're going to need to look at the protocol hierarchy to see how each protocol relates to the other. We're going to take a look then at the command syntax and then demonstrate how we create the extended access control list as well as apply it to a real router.

Check Your Knowledge: Wildcard Masks, Logging, and ACL Scenarios
Well, welcome to Pluralsight. I'm Ross Bagurdes. We're going to wrap up this ACL course with two check your knowledge sections. This first one we're going to focus on wildcard masks, logging and some scenarios that I put together to help better understand ACLs and their operation. What I'd like to do in this first module of check your knowledge is do some more wildcard mask problems and see how we can deal with some unusual ranges of numbers and still use a wildcard mask to accommodate a range of addresses. Additionally, we're going to do a demonstration where I actually log all of the hits on each line of the ACL to a syslog server. Then we're going to look at some scenarios of access control lists and we're going to take a given access control list and apply and determine if it will pass traffic or not and then we're going to take a look at correcting accurate access control lists so that traffic flows as we expect it to.

Check Your Knowledge: Using Wireshark and Telnet to Test ACLs
Welcome to Pluralsight, I'm Ross Bagurdes. In this last module of access control list, we're going to do another "Check Your Knowledge" section, and we're going to use Wireshark and Telnet to help us build and test our access control lists. The goals of this module are going to be to use Wireshark to examine our packet and segment headers. Inside those packet and segment headers are all of the addressing that we need in order to properly write an access control list. Additionally, we're going to use Telnet to test our access control lists. Telnet allows us to send a three-way handshake on any port number we wish. We may not get the application to work as we expect, but we can use Telnet to very efficiently test to see if our access control list is working. And then the last thing we're going to do here is restrict SSH access to our routers by using an access control list, and applying it to the line VTY section of our configuration instead of applying it to an interface.