Configure and verify ACLs in a network environment
We would be explaining here about configuring network security utilizing the ACLs (access control lists). This configuration would be done using commands and tables that are often referred to as the access list. One pre-requisite would be that you are required to have installed an advanced software image on your switch. Anyone can configure the network security utilizing CLI (command line interface) or CMS (cluster management suite). You would be able to obtain a step by step online guide about installing CMS. There would be an option to filter the inbound traffic. The filtering could be done utilizing the TCP/UDP applications.
It is considered to be the access control entry (ACE) that would be present in every ACL that would be allowing or denying the packet.
Some of the ACL that the switch would be supporting are:
1. Filtering the layer two traffic in an Ethernet ACL.
2. The IP ACLs could also be filtering IP traffic.
3. It could also be supporting the TCP as well as UDP (user datagram protocol).
You are required to keep in mind that only one ACL could be attached to one interface. When you would be configuring an ACL, you should bear in mind that all the ACE in the one ACL would require a similar user-defined mask. One could even apply any number of system-defined covers. The catalyst 2950 switch would be consistent with the Cisco catalyst switch.
The catalyst 2950 switch don’t support the following features:
1. IP accounting.
2. Reflexive ACLs.
3. Bridge group ACLs and others.
Named and Numbered are considered to be the two types of ACL that would be known. We would now be discussing each of them in detail to gain a better idea about them.
Named ACL
You could also identify an ACL with a name that is considered to be alphanumeric. This would be allowing the network administrator to utilize words for identifying the access list. This would make them easy to remember as well as also working on. You could also reorder the statement and add new words to the statement in the named list. It would help if you kept in mind that all IP access lists won’t accept a named ACL. The standard ACL, as well as extended ACL, couldn’t have the same name. There would be lots of a possibility to remove lines from a named ACL. This would be precisely why it is considered to be more preferred to a numbered ACL. The named ACL would be allowing the user the following features: • Non-contiguous ports • TCP flag filtering • IP options filtering • It could also eliminate entries in named ACL Some commands would be only accepting the numbered access and some only named access.Numbered ACL
The numbered ACL isn’t that much popular as they aren’t considered user-friendly as the new named ACLs. The time that would be required to edit a numbered ACL would be huge. However, it would help if you had a good idea of the numbered ACL as they would be often utilized in the old deployments. One should know about using these as you might come across them. Numbered ACLs could be used for making simple ACLs. Some network administrators utilize the combination of named as well as numbered ACL. Typically to configure a numbered ACL, you are required to copy the existing ACL into a notepad. If you wish to earn more information regarding the same, you must look forward to gaining the SPOTO IT Exam Dumps to help you obtain more knowledge on the topic and achieve your dream certification. Get more verify ccna certificate online verify ccna click here.
Recommend Cisco exam study materials:
Where to Find the best and real CCNA 200-301 exam cheat sheet?
How to pass the Cisco CCNA certified exam in 2020?