Differences

This shows you the differences between two versions of the page.

--- cisco_for_dummies_cheat_sheet [2016/10/20 16:22] – walkeradmin
+++ cisco_for_dummies_cheat_sheet [2023/03/09 22:35] (current) – external edit 127.0.0.1
@@ Line 8: / Line 8: @@
 interface, configure a switch management interface, and configure an interface to use DHCP for your
 Cisco network.
+\\
 \\
 ===== Configuration modes for Cisco networking =====
@@ Line 14: / Line 15: @@
 \\
 \\
-User EXEC mode:
+**User EXEC mode:**
 \\
-    When you connect to a Cisco device the default configuration mode is user exec mode. With user exec
+    When you connect to a Cisco device the default configuration mode is
-    mode you can view the settings on the device but not make any changes. You know you are in User EXEC
+    user exec mode. With user exec     mode you can view the settings
+    on the device but not make any changes. You know you are in User EXEC
     mode because the IOS prompt displays a “>”.
 \\
-Privileged EXEC mode:
+**Privileged EXEC mode:**
 \\
-    In order to make changes to the device you must navigate to Privileged EXEC mode where you may be
+    In order to make changes to the device you must navigate to Privileged
-    required to input a password. Privileged EXEC mode displays with a “#” in the prompt.
+    EXEC mode where you may be required to input a password. Privileged EXEC
+    mode displays with a “#” in the prompt.
 \\
-Global Configuration mode:
+**Global Configuration mode:**
 \\
     Global Configuration mode is where you go to make global changes to the router such as the hostname.
@@ Line 31: / Line 34: @@
     “conf t” where you will be placed at the “(config)#” prompt.
 \\
-Sub Prompts:
+**Sub Prompts:**
 \\
     There are a number of different sub prompts from Global Configuration mode you can navigate to such
@@ Line 291: / Line 294: @@
 </file>
 \\
+===== Securing your Cisco network by configuring an access control list (ACL) =====
+\\
+ACLs are used to control traffic flow. They can be used allow or deny the flow of traffic. The two main
+types of ACLs are:
+\\
+  * Standard ACLs, which have fewer options for classifying data and controlling traffic flow than Extended ACLs. They are only able to manage traffic based on the source IP address. These ACLs are numbered from 1–99 and from 1300–1999.
+  * Extended ACLs, which offer the ability to filter or control traffic based on a variety of criteria such as source or destination IP addresses, as well as protocol type such as, ICMP, TCP, UDP, or IP. These ACLs are numbered from 100–199 and from 2000–2699.
+\\
+To create a standard ACL, you can use the following example which will create an ACL that allows traffic for the 192.168.8.0/24 network.
+\\
+<file>
+Switch1>enable
+Switch1#configure terminal
+Switch1(config)#access-list 50 permit 192.168.8.0 0.0.0.255
+</file>
+\\
+To create an extended ACL you can use the following example which will create an ACL that allows traffic with addresses in the 192.168.8.0/24 network and tcp ports of either 80 (http) or 443 (https):
+\\
+<file>
+Router1>enable
+Router1#configure terminal
+Router1(config)#access-list 101 remark This ACL is to control the outbound router traffic.
+Router1(config)#access-list 101 permit tcp 192.168.8.0 0.0.0.255 any eq 80
+Router1(config)#access-list 101 permit tcp 192.168.8.0 0.0.0.255 any eq 443
+</file>
+\\
+===== Securing your Cisco network by applying an access control list =====
+\\
+After you have created an Access Control List (ACL), such as ACL 101 created above, you can apply that ACL
+to an interface. In the following example, this ACL is placed to restrict outbound traffic on FastEthernet0/1.
+\\
+<file>
+Router1>enable
+Router1#configure terminal
+Router1(config)#interface FastEthernet0/1
+Router1(config-if)#ip access-group 101 out
+</file>
+\\
+\\