
Security

Dynamic Access Control List: ACL that can permit or deny according to username and password.

Standard Access Control List: ACL that can permit or deny according to SRC IP address.

Named standard ACL ("New"):
  Creating ACL:
    (config)#ip access-list standard name
    (config-std-nacl)#{permit/deny} SRC IP WCM
    (config-std-nacl)#permit any

Numbered standard ACL ("Old"):
  Creating ACL:
    (config)#access-list number {permit/deny} SRC IP WCM
    (config)#access-list number permit any

**ACL number is a range between 1 : 99 and 1300 : 1999**

Activating ACL:
  (config-if)#ip access-group ACL name or Number {IN/OUT}
  (config-line)#access-class ACL name or Number {IN/OUT} // Virtual terminal (applied under line vty)
Extended Access Control List: ACL that can permit or deny according to SRC IP address, DST IP address, Protocols and Applications.

Named extended ACL ("New"):
  Creating ACL:
    (config)#ip access-list extended name
    (config-ext-nacl)#{permit/deny} Protocol SRC IP + WCM DST IP + WCM eq Port#
    (config-ext-nacl)#permit ip any any

Numbered extended ACL ("Old"):
  Creating ACL:
    (config)#access-list number {permit/deny} Protocol SRC IP + WCM DST IP + WCM eq Port#
    (config)#access-list number permit ip any any

**ACL number is a range between 100 : 199 and 2000 : 2699**

Activating ACL:
  (config-if)#ip access-group ACL name or Number {IN/OUT}
  (config-line)#access-class ACL name or Number {IN/OUT} // Virtual terminal (applied under line vty)

Port security configurations:

(config-if)#switchport port-security // enable port security on the interface first
(config-if)#switchport port-security mac-address A // only this MAC is allowed on that port; in case of violation the port shuts down (default violation mode)

(config-if)#switchport port-security maximum 2
(config-if)#switchport port-security mac-address A
(config-if)#switchport port-security mac-address B // only two MAC addresses (A and B) are allowed, "up to 1024 MAC"
(config-if)#switchport port-security violation restrict // in case of violation, deny any other MAC address instead of shutting the port down
Placement rule: Extended ACLs are activated on the interface nearest to the source, whereas standard ACLs must be activated on the interface nearest to the destination.
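As an added illustration (not part of this cheat sheet), a small Python model of how IOS walks an ACL top-down, matches addresses with a wildcard mask (WCM), and falls through to the implicit deny; the ACL entries and addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Ace:
    """One access control entry, written the way the IOS line reads."""
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches everything; else "tcp", "udp", "icmp"
    src: str                       # "A.B.C.D WCM", "host A.B.C.D", or "any"
    dst: str = "any"               # standard ACLs have no destination, so it defaults to any
    dport: Optional[int] = None    # "eq Port#"; None means any port

def wildcard_match(spec: str, ip: str) -> bool:
    """Cisco wildcard mask: a 0 bit must equal the base address, a 1 bit is don't-care."""
    if spec == "any":
        return True
    if spec.startswith("host "):
        return ipaddress.ip_address(spec[5:]) == ipaddress.ip_address(ip)
    base, wcm = spec.split()
    must_match = ~int(ipaddress.ip_address(wcm)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(ip)) & must_match) == (int(ipaddress.ip_address(base)) & must_match)

def evaluate(acl: List[Ace], proto: str, src: str, dst: str = "any", dport: Optional[int] = None) -> str:
    """Walk the ACL top-down; the first matching ACE decides, otherwise the implicit deny applies."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not (wildcard_match(ace.src, src) and wildcard_match(ace.dst, dst)):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action
    return "deny"   # every IOS ACL ends with an invisible "deny any any"

# Constructed extended ACL; each entry corresponds to one IOS line:
#   ip access-list extended BLOCK_TELNET
#    deny tcp 192.168.10.0 0.0.0.255 host 10.0.0.5 eq 23
#    permit ip 192.168.10.0 0.0.0.255 any
EXTENDED = [
    Ace("deny", "tcp", "192.168.10.0 0.0.0.255", "host 10.0.0.5", 23),
    Ace("permit", "ip", "192.168.10.0 0.0.0.255"),
]

# Constructed standard ACL (source only): access-list 10 permit 10.0.0.0 0.0.255.255
STANDARD = [Ace("permit", "ip", "10.0.0.0 0.0.255.255")]

if __name__ == "__main__":
    print(evaluate(EXTENDED, "tcp", "192.168.10.7", "10.0.0.5", 23))   # deny
    print(evaluate(EXTENDED, "tcp", "192.168.10.7", "10.0.0.5", 22))   # permit
    print(evaluate(EXTENDED, "udp", "172.16.0.1", "10.0.0.5", 53))     # deny (implicit)
    print(evaluate(STANDARD, "ip", "10.0.9.1"))                        # permit
    print(evaluate(STANDARD, "ip", "10.1.0.1"))                        # deny (implicit)
```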

NAT configurations:

Dynamic NAT:
(config)#int __
(config-if)#ip nat inside
(config)#int __
(config-if)#ip nat outside
(config)#ip nat pool name start ip end ip netmask subnetmask
(config)#ip nat inside source list ACL# pool name

Static NAT:
(config)#ip nat inside source static private ip public ip

PAT configurations:

(config)#int __
(config-if)#ip nat inside
(config)#int __
(config-if)#ip nat outside
(config)#ip nat inside source list ACL# interface __ overload
