Welcome
Network Infrastructure
- CEF Table(FIB) and Routing Table
- Switched campus
  - Switch administration (MAC, MTU, Errdisable)
  - Layer 2 protocols (CDP, LLDP, UDLD)
  - VLAN technologies
  - EtherChannel
  - Spanning Tree Protocol
- Routing Concepts
  - Administrative distance
  - VRF-lite
  - Static routing
  - Policy Based Routing
  - Route filtering
  - Manual summarization
  - Redistribution
  - Routing protocol authentication
  - Bidirectional Forwarding Detection
- EIGRP
  - Concept
  - Legacy conf mode
  - Named conf mode
- OSPF
  - Concept
  - Version 2
  - Version 3
- BGP
  - Concept
  - Path selection
  - Configuration
- Multicast
  - Layer 2 multicast
  - Reverse path forwarding check
  - PIM
Transport Technologies and Solutions
- MPLS
  - MPLS Concept
  - MPLS Layer 3 VPN
- DMVPN Concept and conf
Infrastructure Security and Services
- Device Security
  - Control plane policing and protection
  - AAA
- Network Security
  - Switch security features
    - VACL, PACL
    - Storm control
    - DHCP Snooping, DHCP option 82
    - IP Source Guard
    - Dynamic ARP Inspection
    - Port Security
    - Private VLAN
  - Router security features
    - IPv4 Access Control Lists
    - IPv6 Traffic Filters
    - Unicast Reverse Path Forwarding
    - Unicast reverse path forwardin uRPF
  - IPv6 First Hop security features
  - IEEE 802.1X Port-Based Authentication
- System Management
  - Device management
    - Console and VTY
    - SSH, SCP
    - RESTCONF, NETCONF
  - SNMP
  - Logging
- Quality of Service
  - DiffServ
  - CoS and DSCP Mapping
  - Classification
  - Network Based Application Recognition (NBAR)
  - Policing, shaping
  - Congestion management and avoidance
- Network Services
  - First Hop Redundancy Protocols
    - HSRP
    - GLBP, VRRP
    - Redundancy using IPv6 RS/RA
  - Network Time Protocol
  - DHCP on Cisco IOS
    - Client, server, relay
    - Options
    - SLAAC/DHCPv6 interaction
    - Stateful, stateless DHCPv6
    - DHCPv6 Prefix Delegation
  - IPv4 Network Address Translation
    - Static NAT, PAT
    - Dynamic NAT, PAT
    - Policy-based NAT, PAT
    - VRF-aware NAT, PAT
    - DHCPv6 Prefix Delegation
- Network optimization
  - IP SLA
  - Tracking object
  - Flexible NetFlow
- Network operations
  - Traffic capture
    - SPAN
    - RSPAN
    - ERSPAN
    - Embedded Packet Capture
Cisco Firepower
- FTD Notes

ipv4_acl

Published

April 28, 2023

IPv4 Access Control Lists

access control list (ACL)
access control entries (ACE)

Standard ACL 1-99, 1300-1999
Only match on source.

Extended ACL 100-199, 2000-2699.
Match on source, destination, protocol and more …

Numbered ACLs,add sequence automatically

access-list 1 permit 172.16.0.0 0.0.255.255
access-list 1 permit 172.17.0.0 0.0.255.255

Named ACLs

ip access-list extended FTP-port
 permit tcp 192.168.0.0 0.0.0.255 any eq ftp

interface gi 0/0
ip access-group FTP-port in


show ip interaface gig 0/0
outgoing access list is list111
Inbound access list is FTP-port

ACL don’t block router generated traffic.
Be careful if you assign an ACL that is not already created. Has soon you add one ACE in it. The ACL will because active and might block undesirable traffic.

Time-based Access Control Lists

Important to have a sync NTP status.
If the time-range is not meet the ACE is ignore.
Time-range cannot exceed one day.

time-range LateOclock
periodic weekdays 22:00 to 23:59

ip access-list extended TIME-ACL
deny ip any any  time-range LateOclock<

show time-range