Get Certified with Help from this Authoritative Exam Preparation Tool

Prepare to pass the Cisco Certified Network Associate exam with this comprehensive exam preparation tool. Written by an expert in network technologies training, this authoritative resource covers everything you need to know to pass the challenging CCNA 2.0 exam. Inside, you'll find exam objectives at the beginning of each chapter, helpful exam tips, end-of-chapter practice questions, and hundreds of photographs and illustrations. This comprehensive guide not only helps you pass CCNA Exam 640-507, but also teaches you how to be an expert Cisco networking associate.
Get full details on all exam topics, including:
The CD-ROM features:
Routers provide another tool that allows data filtering and allows or denies access based on a predefined list of criteria. At the heart of this filtering is a router feature called access control lists (ACLs) or often just access lists. Access lists can block a single host's access to a resource, or they can selectively provide filtering to a variety of IP resources. Access lists are a starting point for adding security and traffic management to your network, but they cannot protect your network by themselves. Devices like firewalls and proxy servers, as well as password management, physical security, and solid administrative policies, should be used to augment them.
ACLs are powerful tools but are understood fully by few people; take the time necessary to master the skills involved. Proficiency in building and debugging access lists is one of the skills that can distinguish you from the masses.
NOTE: ACLs use a feature called wildcard masks that will be considerably easier to understand if you have mastered IP addressing and subnet masks. If you are not comfortable with subnet masks, you might want to review this topic first—or at least review it if you get stuck.
With skill, planning, and practice we should be able to define very specific limited criteria. For example, we can block all access to a network by a host or group of hosts based exclusively on their source address. Or, we could choose to limit Web browsing to selected servers during certain hours while still allowing unlimited FTP and e-mail access.
We have examples of similar processes in our noncomputer lives. Filing income taxes in the United States is one example. If you look at the "Who must file?" information on the cover of any of the tax-form instructions, you will see a list of conditions. If you meet any one of the conditions, you must file a report. Each condition is very specific; if you match one or more criteria, you are in. In Washington State, a jury summons has a short access list that asks four questions. If you answer no to any one, you are excluded from the pool. Your desire or interest in participating is not one of the questions.
Keep in mind that, like all good things, access lists can be overused, and they can be used incorrectly, causing more harm to the network's performance than you might imagine. Since ACLs have to be processed by the CPU on every packet, good minimalist design is essential to accomplish the goal while preserving router resources. A poorly designed access list can hurt network performance and still fail to meet the original objective.
Note that devices like the Catalyst 6500 process ACLs in hardware, and therefore, the device incurs no loss of performance whatsoever.
ACLs are numbered or named. If numbered, the number indicates the protocol used; if named, the ACL explicitly identifies the protocol supported. It is possible to have multiple ACLs per protocol on a particular router, each with its own unique number or name. In the case of IP and IPX ACLs, it is possible to apply up to two ACLs on a particular interface: one inbound and one outbound. With other protocols, you apply only one ACL to an interface, which filters both inbound and outbound packets.
For the CCNA exam, you will need to be familiar with the basics of IP access lists, so we will concentrate on those. But in the initial discussions of general topics, such as naming and numbering access lists, we will discuss IP and IPX together. As we develop our skills, we will concentrate on IP features.
We will start our coverage by looking at some access list basics that apply to both standard and extended lists. We will then look at the specifics of the standard access list and move on to the more complex extended lists. Much of the basic "why" and "how" of access lists will be covered in this section or in the next section, where we expand on the standard list. Subsequent sections will cover extended lists.
The following lines show a simple two-line standard access list that prevents a particular host, 192.168.1.10, from accessing any devices on the 192.168.5.0 network. Both lines were created in global configuration mode and are the appropriate lines from the show run output....
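The book's own listing is cut off in this excerpt. As an added example (not the book's code), the Python sketch below models how a router evaluates a standard IP access list: top-down, first match wins, wildcard-mask comparison on the source address, and an implicit deny at the end. The ACL lines, list numbers 10 and 20, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample lists (not taken from the book).
BLOCK_HOST = ["access-list 10 deny 192.168.1.10 0.0.0.0",
              "access-list 10 permit any"]
SUBNET_ONLY = ["access-list 20 permit 192.168.1.0 0.0.0.255"]
WRONG_ORDER = ["access-list 10 permit any",
               "access-list 10 deny 192.168.1.10 0.0.0.0"]

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' into entries."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            raise ValueError(f"not a standard ACL line: {line!r}")
        number, action, rest = int(tok[1]), tok[2], tok[3:]
        if not 1 <= number <= 99:
            raise ValueError("standard IP access lists are numbered 1-99")
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        if rest == ["any"]:
            addr, wild = 0, 0xFFFFFFFF           # every bit ignored
        elif rest[0] == "host" and len(rest) == 2:
            addr, wild = int(ipaddress.IPv4Address(rest[1])), 0
        else:
            addr = int(ipaddress.IPv4Address(rest[0]))
            # An omitted wildcard mask means 0.0.0.0 (exact host match).
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def evaluate(entries, source):
    """Return 'permit' or 'deny' for a packet's source address."""
    src = int(ipaddress.IPv4Address(source))
    for action, addr, wild in entries:
        # Wildcard bit 0 = this bit must match; bit 1 = ignore this bit.
        if ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action                        # first match wins
    return "deny"                                # implicit deny at the end

if __name__ == "__main__":
    for name, acl in [("BLOCK_HOST", BLOCK_HOST), ("SUBNET_ONLY", SUBNET_ONLY),
                      ("WRONG_ORDER", WRONG_ORDER)]:
        rules = parse_standard_acl(acl)
        for src in ("192.168.1.10", "192.168.1.11", "192.168.2.5"):
            print(name, src, evaluate(rules, src))
```

`WRONG_ORDER` shows the common ordering mistake: because `permit any` matches first, the later `deny` line for 192.168.1.10 is never reached.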
Posted May 5, 2003