Thursday, 15 May 2008

ICND2, 4th Day

Routing Protocol on Cat3560 Switch
1. conf t
2. router ospf 9118
3. net [network] [wildcard mask] area 0

Access Control List (ACL) -> Packet Control List
Done on a Layer 3 device

Types:

Standard ACL -> Check SRC IP
Extended ACL -> Check SRC IP, DEST IP, PORT, PROTOCOL

1. conf t
2. access-list ?
3. access-list 10 deny [SRC IP] [0.0.0.0<-Wildcard for one host] [log]
4. exi
5. show access-list

Apply the access list on the interface closest to the destination

1. conf t
2. int fa0/0
3. ip access-group ?
4. ip access-group [acl no] ?
5. ip access-group [acl no] [in/out]

Since the ACL ends with an implicit deny, the solution is:
1. conf t
2. access-list 10 permit any

**Type the whole access list in Notepad first: remove one line and the entire list is gone!!!

Example for Extended ACL:
Apply closest to the source. This is different from a Standard ACL.
This denies telnet from 20.0.0.1-7 to 172.19.90.22

1. access-list 110 deny tcp 20.0.0.0 0.0.0.7 172.19.90.22 0.0.0.0 eq 23
2. access-list 110 permit ip any any

Go to the SRC int
1. conf t
2. int fa0/0
3. ip access-group 110 in

Insert new line into existing ACL
1. conf t
2. ip access-list extended 110
3. [5] permit ip 20.0.0.7 0.0.0.0 172.19.90.22 0.0.0.0
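
An added example (not part of the original notes): a small Python model of how ACL 110 above is evaluated, with wildcard matching, first match in sequence order, and the implicit deny, including the effect of inserting line 5. The function names are hypothetical, and the sequence numbers 10 and 20 assume the IOS default numbering.

```python
import ipaddress

def ip(s):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; bits set to 0 must match.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# Constructed model of ACL 110 from the notes.
# Fields: (seq, action, proto, src, src_wildcard, dst, dst_wildcard, dst_port)
ACL_110 = [
    # 0.0.0.7 leaves the low 3 bits free, so this matches 20.0.0.0 through 20.0.0.7
    (10, "deny", "tcp", "20.0.0.0", "0.0.0.7", "172.19.90.22", "0.0.0.0", 23),
    # "permit ip any any": any = 0.0.0.0 255.255.255.255
    (20, "permit", "ip", "0.0.0.0", "255.255.255.255",
     "0.0.0.0", "255.255.255.255", None),
]

# The inserted line "[5] permit ip 20.0.0.7 0.0.0.0 172.19.90.22 0.0.0.0"
LINE_5 = (5, "permit", "ip", "20.0.0.7", "0.0.0.0", "172.19.90.22", "0.0.0.0", None)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, seq) of the first matching entry, or the implicit deny."""
    for seq, action, ace_proto, s, swc, d, dwc, port in sorted(acl, key=lambda e: e[0]):
        if ace_proto != "ip" and ace_proto != proto:
            continue  # "ip" entries match every protocol
        if port is not None and port != dport:
            continue  # "eq 23" only matches destination port 23
        if wild_match(src, s, swc) and wild_match(dst, d, dwc):
            return action, seq  # first match wins, later lines are never read
    return "deny", None  # implicit deny at the end of every ACL

if __name__ == "__main__":
    for src in ("20.0.0.3", "20.0.0.7", "20.0.0.8"):
        before = evaluate(ACL_110, "tcp", src, "172.19.90.22", 23)
        after = evaluate(ACL_110 + [LINE_5], "tcp", src, "172.19.90.22", 23)
        print(f"telnet from {src}: before={before} after inserting line 5={after}")
```
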

Named Access-List
1. conf t
2. ip access-list standard DenyWAN
3. deny host 172.19.90.24
4. permit any

Deny all of the 20 network to line vty TS (ACL)
1. enable
2. conf t
3. access-list 20 deny 20.0.0.0 0.0.0.255
4. access-list 20 permit any

5. exi
6. conf t
7. lin vty 0 30
8. access-class 20 in

** permit tcp any any [must specify port number here]

Reflexive ACL
Time-Based ACLs

Network Address Translation
1. Static (1->1)
2. Dynamic (M->M) FCFS
3. Port Address Translation (M->1) Overload

Inside? Outside?
1. conf t
2. ip nat inside source static 20.0.0.88 172.18.70.248
3. ip nat pool ABC 172.18.70.235 172.18.70.239 netmask 255.255.255.0

show ip nat translation
clear ip nat translation *

Port NAT
1. conf t
2. ip nat inside source list 60 int fa0/0 overload
3. int fa0/0
4. ip nat outside
5. ip route 0.0.0.0 0.0.0.0 172.18.70.254
