
Access Control Lists on Multilayer Cisco Catalyst Switches

September 2, 2015 at 12:26 am


Did you ever stop and think about just how many options you have for controlling traffic in the data plane on a multilayer Cisco Catalyst switch?

Here is a recap of your options –

  • Port ACL (PACL) – this option is for your Layer 2 switchports. You can apply:
    • IP standard or extended ACLs for controlling IP traffic
    • MAC ACLs for controlling non-IP traffic
  • Router ACL (RACL) – this option is for your Layer 3 ports on the router. You can apply:
    • IP standard or extended ACLs for controlling IP traffic
  • VLAN ACL (VACL) – these are also referred to as VLAN Access Maps. You can apply:
    • IP VLAN maps are for controlling IP traffic
    • MAC VLAN maps are used for controlling non-IP traffic

For most of us – we are well-versed in IP extended and standard access control lists. It is the MAC ACLs of the PACL approach and the VACLs that we need the practice with. I will be sure to publish my CBT Nuggets on this subject on YouTube for all to enjoy.
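
As an added illustration (not from the original post), here is how the three options above look side by side in Catalyst IOS configuration. All ACL names, interface numbers, the VLAN ID and the addresses are constructed placeholders.

```cisco
! Constructed example: names, interfaces, VLAN 10 and addresses are placeholders.
!
! --- PACL: MAC ACL on a Layer 2 switchport (controls non-IP traffic) ---
mac access-list extended PACL-NONIP
 deny   any any aarp
 deny   any any appletalk
 permit any any
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 mac access-group PACL-NONIP in
!
! --- RACL: IP extended ACL on a routed (Layer 3) port ---
ip access-list extended RACL-WEB-ONLY
 permit tcp 10.10.30.0 0.0.0.255 any eq 80
 permit tcp 10.10.30.0 0.0.0.255 any eq 443
 deny   ip any any
!
interface GigabitEthernet0/24
 no switchport
 ip address 10.10.30.1 255.255.255.0
 ip access-group RACL-WEB-ONLY in
!
! --- VACL: VLAN access map, applies to all traffic in the VLAN ---
! In the ACL referenced by a VLAN map, "permit" only means "match";
! the action line decides whether matched traffic is dropped or forwarded.
ip access-list extended VACL-TELNET
 permit tcp any any eq 23
!
vlan access-map VLAN10-MAP 10
 match ip address VACL-TELNET
 action drop
! No match clause: everything not matched above is forwarded
vlan access-map VLAN10-MAP 20
 action forward
!
vlan filter VLAN10-MAP vlan-list 10
```

Note that the VACL filters traffic bridged within VLAN 10 as well as traffic routed into or out of it, which neither the PACL nor the RACL does on its own.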

IPv4 Access Lists in the CCIE Lab Exam

August 30, 2015 at 2:06 pm


I am getting ready for my Nugget on the above subject and I wanted to provide some thoughts and notes here on the blog on this important subject.

I am currently training for a half-marathon. Yes, and thanks for putting up with all of my RunKeeper Tweets on the subject. 🙂 With the training, there are certain metrics you need to hit in order to really determine if you can finish on race day. It is the same way with the CCIE. One metric is ACLs. If you do not have them mastered, you are in big trouble on race day. Think about it, you use them for traffic filtering, and then traffic identification for a whole host of features on the devices. QoS, network management, the list goes on and on.

The traffic filtering part gets really scary. Drop one in that is not doctored up for the other traffic required in your lab scenario and you can easily break things well enough to fail. And when you are building the lists, you must really take your time to ensure that you are meeting their specific directions. Are you getting the EXACT traffic they want, in the correct direction?

Here is a list of tips and things to think about for this important topic. These are in no particular order:

  • Read so carefully if you need to build an ACL traffic filter. Often, you will be asked to block something extremely specific, for example, echo-replies. Should you block too generally, like requests and replies, you fail the task.
  • Drawing out the scenario on your scratch paper will often help you with what specifically to match and in what direction.
  • You certainly would want to avoid this in production, but in the lab it is fine to end your ACLs with deny ip any any log-input. This will allow you to see just what you broke in your lab with your ACL!
  • Remember that an outbound ACL will not impact traffic generated by that local router.
  • access-group is used for traffic filtering on your interfaces, while access-class is used for your VTY lines. Remember with the access-class out command, it is controlling where someone can Telnet out of your router AFTER they have already Telnetted into it.
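
The tips above, pulled together in one lab-style configuration. This is an added example, not from the original post; the ACL names and numbers, the interface and the addresses are constructed placeholders.

```cisco
! Constructed lab example: ACL names/numbers, interface and addresses are placeholders.
ip access-list extended FILTER-IN
 ! Block ONLY echo-replies; echo requests and other ICMP still pass
 deny   icmp any any echo-reply
 permit icmp any any
 ! Permit the other traffic the scenario depends on
 permit ospf any any
 permit tcp any any eq telnet
 ! Lab-only catch-all: log-input records what the list is breaking
 deny   ip any any log-input
!
interface GigabitEthernet0/0
 ! access-group = traffic filtering on an interface
 ip access-group FILTER-IN in
!
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 20 permit host 10.2.2.2
!
line vty 0 4
 ! access-class in: which sources may Telnet IN to this router
 access-class 10 in
 ! access-class out: which destinations a VTY user may Telnet OUT to
 ! after already being logged in (the standard ACL matches the destination)
 access-class 20 out
```

With the list applied inbound, `show access-lists FILTER-IN` shows per-entry hit counts, so a climbing counter on the final deny entry points at traffic the list still needs to permit.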

What Do You Want to Learn in the Next VIRL Webinar

August 28, 2015 at 11:46 pm


Thanks to the huge response to the VIRL webinar conducted with CBT Nuggets and Cisco Systems, we would love to plan another. My idea for a topic is Using AutoNetKit. In this 30 minute presentation we will teach students to make the most of this tool for automating your configurations.

Do you think this idea is awesome? Or perhaps you have another idea for the next Webinar. Let us know in the comments field below!

 

Get Ready – Your CBT Nuggets Experience is Improving!

August 27, 2015 at 12:31 am


Yes, you are going to be noticing improvements in all aspects of CBT Nuggets. If you are on your PC enjoying classes, you will note a new video player that is better than ever and that will allow us to do cool new things like skin it and pop it out of your browser! Those features will roll out very soon with this new player.

The mobile apps are overhauled and will be hitting your phones and tablets soon. These will just be the beginning as we are committed to incredible updates in the future on a consistent time schedule. Hey, but not as annoying as those weekly Adobe Flash Updates. 🙂

The CBT Nuggets blog is better than ever – be sure to check it out today at blog.cbtnuggets.com, and keep in mind that content is free for everyone.

And last but not least, you are going to notice dramatic improvements in the content across all of our many subject areas. Better visuals, better demos, better instruction – we will never rest!

When I decided to join CBT Nuggets full time, one of the huge factors for me was this relentless desire for improvement that is ingrained in our culture and will never stop. As a subscriber to our content, you made the right choice!

CBT Nuggets and VIRL Team Up for a First Look Webinar

August 26, 2015 at 12:15 am


Did you miss our VIRL webinar today? No problem – here is a recording for you!

https://cc.readytalk.com/cc/playback/Playback.do?id=8qtwgx

This 30 minute event covers:

  • What is VIRL
  • Purchasing VIRL
  • Installing VIRL
  • Using VIRL to configure Cisco gear from scratch
  • Using the AutoNetKit to automatically generate configurations
  • Using GIT to download pre-built topologies
  • Q and A

If you still need questions answered about VIRL – please use the comments below! Happy emulating!