ACL Listas


7/30/2019 ACL Listas

ACL ASSIGNMENT SOLUTION

NOTE: I don't know whether the questions are mutually exclusive, but for the purposes of solving them I have treated them as building from less to more. For A, I have taken only those considerations into account; for B, those plus the previous ones; and so on:

QUESTION A (When the IOS Command Line Interface tab is copy-pasted into Word, it comes out with all the errors one has made, so I opted to copy only the show access-lists command, except that it does not show the interface the ACL is applied to, so I have also copied the output of the show ip interface command)

R1#show access-lists
Extended IP access list 110
permit tcp host 160.121.33.0 host 200.106.56.13 eq domain
permit tcp host 160.121.53.67 host 200.106.56.13 eq domain
R1#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 160.121.32.1/19
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 110

R4#show access-lists
Extended IP access list 111
permit tcp host 154.56.18.28 host 200.106.56.13 eq domain


permit tcp host 154.56.20.255 host 200.106.56.13 eq domain
R4#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 154.56.16.1/21
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 111

R3#show access-lists
Extended IP access list 113
deny tcp 160.121.32.0 0.0.31.255 host 200.106.56.13 eq domain
deny tcp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq domain
permit tcp any host 200.106.56.13
R3#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 200.106.56.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 113
Inbound access list is not set


QUESTION B

In addition to the previous configurations, these are added:

R1#show access-lists
Extended IP access list 110
permit tcp host 160.121.33.0 host 200.106.56.13 eq domain
permit tcp host 160.121.53.67 host 200.106.56.13 eq domain
Extended IP access list 120
permit tcp host 160.121.53.67 host 200.106.56.13 eq www
R1#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 160.121.32.1/19
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 120
IT SHOWS ONLY THE LAST ONE (120), NO LONGER THE PREVIOUS ONE (110); HOWEVER, BOTH OF THEM DO APPEAR IN SHOW ACCESS-LISTS

R4#show access-lists
Extended IP access list 111
permit tcp host 154.56.18.28 host 200.106.56.13 eq domain
permit tcp host 154.56.20.255 host 200.106.56.13 eq domain
Extended IP access list 121
permit tcp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq www


R4#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 154.56.16.1/21
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 121

NOTE: It seems to me that, since R3 already has a previous ACL, it is no longer necessary to deny traffic to the Web Server through this router, because the implicit deny will take care of denying everything else.
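As an added illustration that is not part of the original assignment, the Python below evaluates an extended ACL the way the note relies on: entries are checked top-down, the first match wins, and anything unmatched falls through to the implicit deny at the end. It uses a constructed copy of R3's ACL 113 from Question A as sample input and assumes the usual Cisco wildcard-mask semantics (a 1 bit means "don't care").

```python
import ipaddress

# Port names as they appear in the show access-lists output on this page.
PORT_NAMES = {"domain": 53, "www": 80, "ftp-data": 20, "echo": 7}

# Constructed copy of R3's ACL 113 (Question A), used here as sample input.
ACL_113 = [
    "deny tcp 160.121.32.0 0.0.31.255 host 200.106.56.13 eq domain",
    "deny tcp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq domain",
    "permit tcp any host 200.106.56.13",
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    a, b = (int(ipaddress.IPv4Address(x)) for x in (addr, base))
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse one extended ACE line: action proto src dst [eq port] [...]."""
    tok = line.split()
    i = 2
    def take_addr():
        nonlocal i
        if tok[i] == "any":
            i += 1
            return ("0.0.0.0", "255.255.255.255")
        if tok[i] == "host":
            i += 2
            return (tok[i - 1], "0.0.0.0")
        i += 2
        return (tok[i - 2], tok[i - 1])
    src, dst = take_addr(), take_addr()
    dport = None
    if i + 1 < len(tok) and tok[i] == "eq":
        p = tok[i + 1]
        dport = PORT_NAMES.get(p, int(p) if p.isdigit() else None)
    return {"action": tok[0], "proto": tok[1], "src": src, "dst": dst, "dport": dport}

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Top-down, first match wins; no match falls through to the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"])):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny (implicit)"
```

Running evaluate(ACL_113, "tcp", "160.121.53.67", "200.106.56.21", 20) returns "deny (implicit)": no entry mentions the web server, so the traffic is dropped without an explicit deny, which is the point of the note above.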

QUESTION C

In addition to the previous configurations, these are added:

R4#show access-lists
Extended IP access list 111
permit tcp host 154.56.18.28 host 200.106.56.13 eq domain
permit tcp host 154.56.20.255 host 200.106.56.13 eq domain
Extended IP access list 121
permit tcp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq www
Extended IP access list 131
permit tcp host 154.56.18.28 host 200.106.56.21 eq 20
R4#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 154.56.16.1/21


NOTE: Here it seems to me that FTP traffic has to be denied on R2, to force the use of the FTP Gateway, which is R3. So:

R2#show access-lists
Extended IP access list F0-OUT
permit udp 160.121.32.0 0.0.31.255 host 200.106.56.13 eq domain
permit udp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq domain
Extended IP access list 132
deny tcp 160.121.32.0 0.0.31.255 host 200.106.56.21 eq 20
deny tcp 154.56.16.0 0.0.7.255 host 200.106.56.21 eq 20
R2#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 200.106.56.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 132

QUESTION D

In addition to the previous configurations, these are added:

R1#show access-lists
Extended IP access list 110
permit tcp host 160.121.33.0 host 200.106.56.13 eq domain
permit tcp host 160.121.53.67 host 200.106.56.13 eq domain
Extended IP access list 120


permit tcp host 160.121.53.67 host 200.106.56.13 eq www
Extended IP access list 130
permit tcp 160.121.32.0 0.0.31.255 host 200.106.56.21 eq 20
Extended IP access list 140
deny icmp 160.121.32.0 0.0.31.255 200.106.56.0 0.0.0.255
deny tcp 160.121.32.0 0.0.31.255 200.106.56.0 0.0.0.255 eq 7
I have put it in 2 forms, since some references state that ICMP traffic is placed after the permit or deny, while others say it is considered part of TCP on port 7.
R1#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 160.121.32.1/19
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 140

R4#show access-lists
Extended IP access list 121
permit tcp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq www
Extended IP access list 131
permit tcp host 154.56.18.28 host 200.106.56.21 eq 20
Extended IP access list 141
deny tcp 154.56.16.0 0.0.7.255 host 200.106.56.0 eq 7


deny icmp 154.56.16.0 0.0.7.255 host 200.106.56.0
In the same way I have put it in 2 forms, since some references state that ICMP traffic is placed after the permit or deny, while others say it is considered part of TCP on port 7.
R4#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 154.56.16.1/21
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 141

R2#show access-lists
Extended IP access list F0-OUT
permit udp 160.121.32.0 0.0.31.255 host 200.106.56.13 eq domain
permit udp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq domain
Extended IP access list 132
deny tcp 160.121.32.0 0.0.31.255 host 200.106.56.21 eq 20
deny tcp 154.56.16.0 0.0.7.255 host 200.106.56.21 eq 20
Extended IP access list 150
permit tcp host 200.106.56.13 160.121.32.0 0.0.31.255 eq 7
permit tcp host 200.106.56.13 154.56.16.0 0.0.7.255 eq 7
R2#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 200.106.56.1/24


Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 132
Inbound access list is 150

R3#show access-lists
Extended IP access list 113
permit tcp any host 200.106.56.13
Extended IP access list 151
permit tcp host 200.106.56.21 160.121.32.0 0.0.31.255 eq 7
permit tcp host 200.106.56.21 154.56.16.0 0.0.7.255 eq 7
R3#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 200.106.56.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 113
Inbound access list is 151

QUESTION E

In addition to the previous configurations, these are added:


I tried to run the following command, but the system does not accept it:

R1(config)#access-list 160 permit tcp 160.121.33.0 0.0.0.0 any eq ssh
^
% Invalid input detected at '^' marker.

Nor does it accept the following command:

R1(config)#access-list 160 permit tcp 160.121.33.0 0.0.0.0 any eq https
^
% Invalid input detected at '^' marker.

QUESTION F

In addition to the previous configurations, these are added:

R1#show access-lists
Extended IP access list 120
permit tcp host 160.121.53.67 host 200.106.56.13 eq www
Extended IP access list 130
permit tcp 160.121.32.0 0.0.31.255 host 200.106.56.21 eq 20
Extended IP access list 140
deny icmp 160.121.32.0 0.0.31.255 200.106.56.0 0.0.0.255
deny tcp 160.121.32.0 0.0.31.255 200.106.56.0 0.0.0.255 eq 7
Extended IP access list 170
permit udp 160.121.32.0 0.0.31.255 any eq 520
Extended IP access list 171
permit udp any 160.121.32.0 0.0.31.255 eq 520
R1#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 160.121.32.1/19


Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 171
Inbound access list is 170

R4#show access-lists
Extended IP access list 121
permit tcp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq www
Extended IP access list 131
permit tcp host 154.56.18.28 host 200.106.56.21 eq 20
Extended IP access list 141
deny tcp 154.56.16.0 0.0.7.255 host 200.106.56.0 eq 7
deny icmp 154.56.16.0 0.0.7.255 host 200.106.56.0
Extended IP access list 180
permit udp 154.56.16.0 0.0.7.255 any eq 520
Extended IP access list 181
permit udp any 154.56.16.0 0.0.7.255 eq 520
R4#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 154.56.16.1/21
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set


Directed broadcast forwarding is disabled
Outgoing access list is 181
Inbound access list is 180

R2#show access-lists
Extended IP access list F0-OUT
permit udp 160.121.32.0 0.0.31.255 host 200.106.56.13 eq domain
permit udp 154.56.16.0 0.0.7.255 host 200.106.56.13 eq domain
Extended IP access list 132
deny tcp 160.121.32.0 0.0.31.255 host 200.106.56.21 eq 20
deny tcp 154.56.16.0 0.0.7.255 host 200.106.56.21 eq 20
Extended IP access list 150
permit tcp host 200.106.56.13 160.121.32.0 0.0.31.255 eq 7
permit tcp host 200.106.56.13 154.56.16.0 0.0.7.255 eq 7
Extended IP access list 190
permit udp 200.106.56.0 0.0.0.255 any eq 520 (3 match(es))
Extended IP access list 191
permit udp any 200.106.56.0 0.0.0.255 eq 520
R2#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 200.106.56.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 191


Inbound access list is 190

R3#show access-lists
Extended IP access list 113
permit tcp any host 200.106.56.13
Extended IP access list 151
permit tcp host 200.106.56.21 160.121.32.0 0.0.31.255 eq 7
permit tcp host 200.106.56.21 154.56.16.0 0.0.7.255 eq 7
Extended IP access list 195
permit udp 200.106.56.0 0.0.0.255 any eq 520 (3 match(es))
Extended IP access list 196
permit udp any 200.106.56.0 0.0.0.255 eq 520
R3#show ip interface
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 200.106.56.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 196
Inbound access list is 195