To pass the CCNA exam, you have to be able to write and troubleshoot access lists. As you climb the ladder toward the CCNP and CCIE, you are going to see more and more uses for ACLs. For that reason, you had better know the fundamentals!
The use of "host" and "any" confuses some newcomers to ACLs, so let's take a look at that first.
It is acceptable to configure a wildcard mask of all ones or all zeroes. A wildcard mask of ... means the address specified in the ACL line must be matched exactly; a wildcard mask of means that all addresses will match the line.
Wildcard masks have the option of using the word host to represent a wildcard mask of .... Consider a configuration where only packets from IP source 10.1.1.1 should be allowed and all other packets denied. The following ACLs each do that.
R3#conf t
R3(config)#access-list 6 permit ...
R3#conf t
R3(config)#access-list 7 permit host 10.1.1.1
The keyword any can be used to represent a wildcard mask of
R3(config)#access-list 15 permit any
Another often overlooked detail is the order of the lines in an ACL. Even in a two- or three-line ACL, the order of the lines is important.
Consider a situation where packets sourced from 172.18.18. /24 should be denied, but all other packets permitted. The following ACL does that.
R3#conf t
R3(config)#access-list 15 deny 172.18.18. ...255
R3(config)#access-list 15 permit any
The previous example also illustrates the importance of configuring the ACL with its lines in the right order to get the desired result. What would happen if the lines were reversed?
R3#conf t
R3(config)#access-list 15 permit any
R3(config)#access-list 15 deny 172.18.18. ...255
If the lines were reversed, traffic from 172.18.18. /24 would be matched against the first line of the ACL. The first line is "permit any", which means all traffic is permitted. The traffic from 172.18.18./24 matches that line, the traffic is permitted, and the ACL stops processing. The statement denying the traffic from 172.18.18. is never evaluated.
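To make the first-match rule concrete, here is an added example (not from the original article) that simulates how a standard ACL evaluates a packet: wildcard-mask matching, top-to-bottom evaluation, and the implicit deny at the end. The addresses and masks in the sample ACLs are constructed values chosen to mirror the scenario above, not taken from the page.

```python
# Added example: minimal simulator of Cisco standard ACL semantics.
import ipaddress

def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(packet_src: str, acl_addr: str, wildcard: str) -> bool:
    """Wildcard bit 0 = 'must match', bit 1 = 'don't care'. The packet
    matches when every 'must match' bit is identical in both addresses."""
    care_bits = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(packet_src) & care_bits) == (to_int(acl_addr) & care_bits)

def parse_line(line: str):
    """Parse 'access-list N permit|deny <target>' into (action, addr, wildcard).
    Supports 'any', 'host X', 'X W', and a bare address (treated as host)."""
    parts = line.split()
    action, rest = parts[2], parts[3:]
    if rest[0] == "any":
        return action, "0.0.0.0", "255.255.255.255"
    if rest[0] == "host":
        return action, rest[1], "0.0.0.0"
    wildcard = rest[1] if len(rest) > 1 else "0.0.0.0"
    return action, rest[0], wildcard

def evaluate(acl_lines, packet_src: str):
    """Return (action, index) of the first matching line, or ('deny', None)
    for the implicit deny that ends every ACL. Evaluation stops on first match."""
    for idx, line in enumerate(acl_lines):
        action, addr, wildcard = parse_line(line)
        if wildcard_match(packet_src, addr, wildcard):
            return action, idx
    return "deny", None

# Constructed ACLs (sample values, assumed for this example).
ACL_CORRECT = [
    "access-list 15 deny 172.18.18.0 0.0.0.255",
    "access-list 15 permit any",
]
ACL_REVERSED = [
    "access-list 15 permit any",
    "access-list 15 deny 172.18.18.0 0.0.0.255",
]

if __name__ == "__main__":
    for name, acl in (("correct", ACL_CORRECT), ("reversed", ACL_REVERSED)):
        print(name, "172.18.18.7 ->", evaluate(acl, "172.18.18.7"))
```

With the lines reversed, the 172.18.18.7 packet hits "permit any" at index 0 and the deny line is never reached.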
The key to writing and troubleshooting access lists is to take just an extra moment to read the list over and make sure it is going to do what you intend. It is better to recognize your mistake on paper instead of after the ACL has been applied to an interface!