
Cisco CCENT Cram Guide v3.0 © Paul Browning 2017

RS and RA messages are for router-to-host or host-to-router exchanges.

EUI Addressing

In the first step of creating the EUI-64 address, the value FFFE is inserted into the middle of the MAC address (bia below), thereby expanding it from 48 bits, which is 12 hexadecimal characters, to 64 bits, which is 16 hexadecimal characters.

The second step of EUI-64 addressing entails the setting of the seventh bit of the 64-bit address. This seventh bit identifies whether the MAC address is universally unique or locally administered.

R2#show interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is AmdFE, address is 0013.1986.0a20 (bia 0013.1986.0a20)
  Internet address is 10.0.1.1/30

R2#show ipv6 interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::213:19FF:FE86:A20
  Global unicast address(es):
    3FFF:1A2B:3C4D:5E6F:213:19FF:FE86:A20, subnet is
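The two EUI-64 steps above, as an added Python example (not part of the original guide), checked against the R2 output. It goes one step beyond the text by also reversing the process, which shows that an EUI-64 address exposes the interface's hardware MAC to anyone who sees the address. Function names are this example's own.

```python
import ipaddress

def parse_mac(mac: str) -> bytes:
    """Accept Cisco dotted (0013.1986.0a20), colon or hyphen notation."""
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"expected 12 hex digits, got {mac!r}")
    return bytes.fromhex(digits)

def eui64_interface_id(mac: str) -> bytes:
    raw = parse_mac(mac)
    # Step 1: insert FFFE between the first and last three bytes (48 -> 64 bits).
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    # Step 2: invert the seventh bit of the first byte (mask 0x02).
    eui[0] ^= 0x02
    return bytes(eui)

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_eui64(addr: str):
    """Recover the MAC embedded in an EUI-64 address, or None if absent."""
    low64 = int(ipaddress.IPv6Address(addr)) & (2**64 - 1)
    iid = low64.to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # interface ID was not built from a MAC
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo step 2
    h = mac.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))

if __name__ == "__main__":
    bia = "0013.1986.0a20"  # bia from the R2 output above
    print(eui64_address("fe80::/64", bia))
    print(eui64_address("3fff:1a2b:3c4d:5e6f::/64", bia))
    print(mac_from_eui64("FE80::213:19FF:FE86:A20"))
```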
IPv4 Access Lists

Access lists are a set of conditions that permit or deny access to or through a router's interface.

Range        Usage
1-99         IP Standard
1300-1999    IP Standard (Expanded Range)
100-199      IP Extended
2000-2699    IP Extended (Expanded Range)

Standard Access Lists

Standard IP access lists check only the source address of the packet and permit or deny the entire TCP/IP suite. You cannot choose a particular port or application to block. Cisco recommends that they are placed as close to the destination as possible.

Router(config)#access-list {number 1-99} {permit/deny} {source address}
access-list 10 permit 172.16.5.2

The address can be a host or a network.

Extended Access Lists

These allow for a lot more granularity when filtering IP traffic. They can filter packets based on source or destination, a particular IP protocol and port number. Cisco recommends that they are placed as close to the source as possible.

Router(config)#access-list {number 100-199} {permit/deny} {protocol} {source} {destination} {port}
access-list 112 permit tcp host 172.16.5.2 host 172.16.10.2 eq www

Named Access Lists

Router(config)#ip access-list {standard/extended} name
Router(config)#ip access-list extended no_ftp

Sample Configs
[Sample configs for Router A: EXTENDED ACL, STANDARD ACL, NAMED ACL]

Access lists applied to inbound interfaces save the router from having to process the packet: denied packets are dropped at the interface. With outbound access lists, packets are processed by the router and then dropped at the outbound interface if they match the access list.

Access lists can be applied to multiple interfaces, but there can only be one access list per protocol per direction per interface.

Use the term access-class if applying to console/aux/vty lines.

Packets are processed by the access list and then routed.
  • Winter '17
  • James Smith