Saturday, August 27, 2011

Extended Access Control Lists (ACLs) breakdown

I’m working on ACLs, so I thought I would write something about them. I’ve come across a lot of good information like Cisco is easy's ACL posts, but I wanted to supplement and visualize the options available when writing or determining what ACLs are doing. So, this tidbit covers Extended ACLs and the options available to them.

I wrote up two examples that I hope explore what Extended ACLs can do. It’s important to bear in mind that there are three ways to write the address portions of an ACL.

 The first is with the “host” option:
access-list 110 permit tcp host 10.0.200.1 any eq 80

 The second is via wildcard mask, where a 1 bit in the mask means “don't care” and a 0 bit must match the reference address. The mask 0.0.31.255 below matches 172.16.0.0 through 172.16.31.255 (172.16.0.0/19); IOS accepts 172.16.26.2 as the reference address even though it is not the first address of that block:
access-list 110 permit tcp 172.16.26.2 0.0.31.255 any eq 80

The third is the “any” option, which can also be written as “0.0.0.0 255.255.255.255”:

access-list 110 permit tcp any any eq 80
or  
access-list 110 permit tcp 0.0.0.0 255.255.255.255 any eq 80

The last trick to keep in mind is that when filtering all traffic from a subnet or IP range regardless of protocol, the protocol field should be “ip”, which matches TCP, UDP, ICMP and everything else carried over IP:
access-list 192 deny ip any 10.1.1.0 0.255.255.255
This entry denies all IP traffic to 10.0.0.0/8: the wildcard 0.255.255.255 ignores the last three octets, so 10.1.1.0 here means the whole 10.0.0.0/8 block. Because every ACL ends with an implicit “deny ip any any”, an ACL containing only this line blocks all traffic on the interface it is applied to; a permit entry must follow it for anything else to pass.

--

Let’s look at two examples:

The first example denies the workstation with address 192.168.10.1 access to web services (HTTP, TCP port 80) on any server in the 10.1.0.0/16 subnet (the wildcard 0.0.255.255 makes 10.1.1.0 cover 10.1.0.0 through 10.1.255.255). No source port is specified, so traffic destined for port 80 is filtered no matter what source port it originates from. As with the “deny ip” line above, this entry needs a permit entry after it, or the implicit deny drops everything else as well.

access-list 110 deny tcp host 192.168.10.1 10.1.1.0 0.0.255.255 eq 80

The second example permits TFTP traffic from any host in the 192.168.16.0/20 network to any server in the 10.1.1.0/24 network. The wildcard 0.0.15.255 applied to 192.168.20.0 matches 192.168.16.0 through 192.168.31.255, so the block is really 192.168.16.0/20 even though the entry is written with 192.168.20.0. With this ACL I am not only filtering traffic going to port 69, but I’m only allowing that traffic to originate from port 69 (“eq tftp” and “eq 69” are the same thing). Granted, a real TFTP client sends its request from an ephemeral source port, so this is something you’ll never see in practice, but it proves the point of filtering source ports as well as destination ports. Since this is the only entry, anything it does not match, including TFTP from any other source port, hits the implicit deny.

access-list 198 permit udp 192.168.20.0 0.0.15.255 eq tftp 10.1.1.0 0.0.0.255 eq 69
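To make the wildcard arithmetic and the top-down, first-match-wins evaluation concrete, here is an added example in Python. It is my own code, not part of the original post and not an IOS tool: it parses the ACL lines above (the three address forms and the “eq PORT” qualifier are the only syntax it understands) and runs constructed packets through them the way a router would, including the implicit deny at the end. The port-name table and the packet dictionaries are my assumptions for the example.

```python
"""Evaluate Cisco-style extended ACL entries against packets.

Added example, not IOS code: it handles only the syntax shown on this page
(host / any / address+wildcard, optional 'eq PORT') and applies the same
rules a router does: top-down, first match wins, implicit deny at the end.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# A few of the port names IOS accepts in place of numbers (assumed subset).
PORT_NAMES = {"www": 80, "tftp": 69, "ftp": 21, "telnet": 23, "domain": 53}


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def wildcard_match(addr: str, ref: str, wildcard: str) -> bool:
    """Cisco wildcard test: a 1 bit in the wildcard is 'don't care',
    a 0 bit must equal the corresponding bit of the reference address."""
    return ((_ip(addr) ^ _ip(ref)) & ~_ip(wildcard) & 0xFFFFFFFF) == 0


def wildcard_range(ref: str, wildcard: str) -> Tuple[str, str]:
    """First and last address an address/wildcard pair can match.
    Shows why 192.168.20.0 0.0.15.255 really means 192.168.16.0/20."""
    w = _ip(wildcard)
    first = _ip(ref) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(first | w))


def _parse_addr(t: List[str], i: int) -> Tuple[str, str, int]:
    """Consume one address spec: 'host A', 'any', or 'A WILDCARD'."""
    if t[i] == "host":
        return t[i + 1], "0.0.0.0", i + 2            # every bit must match
    if t[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1   # no bit has to match
    return t[i], t[i + 1], i + 2


def _parse_port(t: List[str], i: int) -> Tuple[Optional[int], int]:
    """Consume an optional 'eq PORT' qualifier (name or number)."""
    if i < len(t) and t[i] == "eq":
        name = t[i + 1]
        return (PORT_NAMES[name] if name in PORT_NAMES else int(name)), i + 2
    return None, i


def parse_ace(line: str) -> Dict:
    """Parse one 'access-list N permit|deny PROTO SRC [eq P] DST [eq P]' line."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    ace = {"number": int(t[1]), "action": t[2], "proto": t[3].lower()}
    ace["src"], ace["src_wc"], i = _parse_addr(t, 4)
    ace["sport"], i = _parse_port(t, i)
    ace["dst"], ace["dst_wc"], i = _parse_addr(t, i)
    ace["dport"], i = _parse_port(t, i)
    return ace


def ace_matches(ace: Dict, pkt: Dict) -> bool:
    """pkt is a constructed dict with proto, src, dst and optional sport/dport."""
    if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
        return False                                  # 'ip' matches any protocol
    if not wildcard_match(pkt["src"], ace["src"], ace["src_wc"]):
        return False
    if not wildcard_match(pkt["dst"], ace["dst"], ace["dst_wc"]):
        return False
    if ace["sport"] is not None and pkt.get("sport") != ace["sport"]:
        return False
    if ace["dport"] is not None and pkt.get("dport") != ace["dport"]:
        return False
    return True


def evaluate(acl: List[str], pkt: Dict) -> str:
    """Top-down, first match wins; falling off the end is the implicit deny."""
    for ace in (parse_ace(line) for line in acl):
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny"


if __name__ == "__main__":
    # ACL 110 from the post plus the permit line it needs for other traffic to pass.
    acl110 = ["access-list 110 deny tcp host 192.168.10.1 10.1.1.0 0.0.255.255 eq 80",
              "access-list 110 permit ip any any"]
    web = {"proto": "tcp", "src": "192.168.10.1", "sport": 51234, "dst": "10.1.77.5", "dport": 80}
    print(evaluate(acl110, web))                       # deny
    print(evaluate(acl110, dict(web, dport=443)))       # permit
    # ACL 198 as written: only source port 69 is let in; everything else hits the implicit deny.
    acl198 = ["access-list 198 permit udp 192.168.20.0 0.0.15.255 eq tftp 10.1.1.0 0.0.0.255 eq 69"]
    print(wildcard_range("192.168.20.0", "0.0.15.255"))  # ('192.168.16.0', '192.168.31.255')
    tftp = {"proto": "udp", "src": "192.168.31.9", "sport": 69, "dst": "10.1.1.20", "dport": 69}
    print(evaluate(acl198, tftp))                       # permit
    print(evaluate(acl198, dict(tftp, sport=4000)))     # deny
```

The `wildcard_range` helper is the quickest way to sanity-check an entry before you apply it: feed it the address and wildcard exactly as typed and it prints the real first and last address the entry covers, which is how the 192.168.20.0 versus 192.168.16.0 and 10.1.1.0 versus 10.0.0.0 discrepancies above show up.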

Let's break the ACL down a bit.




Then we should have a look at the options available for extended ACLs.

Thursday, August 25, 2011

Flash Cards (follow up)

So, it's been about a month now that I've been integrating flash cards into my CCNA studies in a big way. I wanted to give a bit of an update about my thoughts and usage of the 2 tools I wrote about previously, Quizlet.com and Mental Case for iPhone/iPad. I'll start with Quizlet, then a brief note on Mental Case.

I have found this to be my main go-to app for recording notes. Mental Case has the functionality, but Quizlet is just too accessible to use anything else. Bear in mind Mental Case is much fancier than Quizlet's simple terms and definitions approach. Of course, you can add audio and video to Quizlet flash cards, but it's a much more cumbersome process than just terms and definitions. Usually, I can read through a chapter or watch a video and then, once I'm labbing, take notes and write up the cards. Here is an example set I made on general switch commands:




I think their main target audience is more the language student, as the format isn't completely natural for technical writing or shell-type commands. With that said, the embedded text-to-speech engine (a small speaker icon appears next to every term and definition) does a pretty good job of speaking the tech definitions I've accumulated.

There is also an interesting game (the most applicable of 3) I play from time to time, when I find I need a switch from standard flash cards and still want to progress with learning the subject matter. It's called Scatter:

This game works much better with larger dimensions.



All in all, I think Quizlet is an extremely worthwhile service if you're looking to create your own flash cards (or search their database). So far I've created some 600 flash cards and am about two-thirds of the way through my studies.

As for Mental Case, I enjoy the app and its polished look, but find it sometimes difficult to navigate. Utilizing it solely as a front/back flash card app works fine, but the app's study feature benefits have so far eluded me. I suppose I would like a little less polish and a little more customization / functionality in the app, both on the iPad and iPhone. With that said, I still think it's the top flash card study app at this point.

Wednesday, August 24, 2011

iTunes Store Top 10 Audiobooks - Technology

While in my car for only a short time daily (approx. 15-25 min. to and from work) I generally enjoy listening to Marketplace or one of the morning NPR shows. As of late, though, I've been listening to the CCNA Cram Guide Audio version by Paul Browning (requires a paid membership). It's a quick 30-minute guide to some key notes for the exam. After listening to it for a month, though, it can get a bit old, and so I've started looking for something a bit more elaborate. I believe I will end up with the "Mastering the CCNA" audiobook, as it seems well put together and is still inexpensive at $14.95 US. With 4 hours of lecture it should go a bit more in depth than the Cram Guide. This is of course only supplemental to Sybex CCNA v7, the official CCNA Study Guide, Packet Tracer, and videos.

"Mastering the CCNA" Christopher Parker




Meanwhile, the search led me to an interesting page on Apple's UK site, the "iTunes Store Top 10 Audiobooks - Technology". Interestingly, the US site doesn't appear to have this chart, yet the UK site includes the US statistic as its first listing. Additionally, I'm not sure what the interval is for the statistics. Still, it's an interesting chart and has some good audiobooks listed.

*20110825  - I looked again today at the page and the statistics have changed. I suppose this means the updates are daily.