From 07abfd63111d9877709e374e7a41fd675fc13611 Mon Sep 17 00:00:00 2001 From: Max Blendowski Date: Wed, 3 Dec 2025 15:48:05 +0100 Subject: [PATCH] html --- Klausur/ACL-CheatSheet-Compact.html | 377 ++++++++++++++++++++++++++++ 1 file changed, 377 insertions(+) create mode 100644 Klausur/ACL-CheatSheet-Compact.html diff --git a/Klausur/ACL-CheatSheet-Compact.html b/Klausur/ACL-CheatSheet-Compact.html new file mode 100644 index 0000000..f9222c0 --- /dev/null +++ b/Klausur/ACL-CheatSheet-Compact.html @@ -0,0 +1,377 @@ + + + + + + ACL CheatSheet - Kompakt + + + +
+

ACL CheatSheet – Kompakt

+

+ Standard und Extended Access Control Lists | CISCO Router +

+ +

📋 Übersicht

+ + + + + + + + + + + + + + + + + + + + + + + + + +
MerkmalStandardExtended
Nummernbereich1-99, 1300-1399100-199, 2000-2699
FilterQuell-IPQuelle, Ziel, Protokoll, Port
PositionEntfernt oder Interface-nahQuelle-nah
+ +
+ +

🔧 Standard ACL (Numbered)

+ +

Syntax

+
access-list <nummer> [permit | deny] <quell-ip> [wildcard-maske]
+ +

Beispiel

+
access-list 10 permit 192.168.1.0 0.0.0.255
+access-list 10 deny any
+ +

Interface-Anwendung

+
Router(config)# interface FastEthernet 0/0
+Router(config-if)# ip access-group 10 in
+ +
+ +

⚙️ Extended ACL (Numbered)

+ +

Syntax

+
access-list <nummer> [permit | deny] <protokoll> <quelle> <quelle-wc>
+  <ziel> <ziel-wc> [operatoren]
+ +

Beispiel

+
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
+access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
+access-list 100 deny ip any any
+ +

Interface-Anwendung

+
Router(config)# interface Serial 0/0
+Router(config-if)# ip access-group 100 out
+ +
+ +

📛 Standard Named ACL

+ +

Syntax

+
Router(config)# ip access-list standard <name>
+Router(config-std-nacl)# [permit | deny] <quell-ip> [wildcard-maske]
+Router(config-std-nacl)# exit
+ +

Beispiel

+
Router(config)# ip access-list standard ALLOW_ADMIN
+Router(config-std-nacl)# permit host 192.168.1.1
+Router(config-std-nacl)# deny any
+Router(config-std-nacl)# exit
+Router(config)# interface FastEthernet 0/1
+Router(config-if)# ip access-group ALLOW_ADMIN in
+ +
+ +

⚙️ Extended Named ACL

+ +

Syntax

+
Router(config)# ip access-list extended <name>
+Router(config-ext-nacl)# [permit | deny] <protokoll> <quelle> <quelle-wc>
+  <ziel> <ziel-wc> [operatoren]
+Router(config-ext-nacl)# exit
+ +

Beispiel

+
Router(config)# ip access-list extended WEB_TRAFFIC
+Router(config-ext-nacl)# permit tcp any 10.0.0.0 0.0.0.255 eq 80
+Router(config-ext-nacl)# permit tcp any 10.0.0.0 0.0.0.255 eq 443
+Router(config-ext-nacl)# deny ip any any
+Router(config-ext-nacl)# exit
+ +
+ +

🎯 Wildcard Masking

+ +

Grundprinzip: 0 = Bit vergleichen | 1 = Bit ignorieren

+ + + + + + + + + + + + + + +
WildcardBedeutung
0.0.0.0Genau diese IP (host)
0.0.0.255/24 Subnetz
0.0.255.255/16 Subnetz
255.255.255.255Alle (any)
+ +
+ +

📊 Protokolle & Ports

+ +

Protokolle

+ + +

Häufige Ports

+ + + + + + + + + + + + + + + + +
ServicePortServicePort
HTTP80DNS53
HTTPS443DHCP67,68
SSH22NTP123
Telnet23SNMP161,162
SMTP25
+ +
+ +

🔧 Operatoren & Schlüsselwörter

+ + + + + + + + + + + + + + + + + + + +
OperatorBedeutungBeispiel
eqequal (gleich)eq 80
neqnot equalneq 22
gtgreater thangt 1023
ltless thanlt 1024
rangeBereichrange 1000 2000
establishedRückantwortenStateful filtering
hostEinzelne IPhost 192.168.1.1
anyAlle AdressenWildcard 255.255.255.255
+ +
+ +

🔍 Verwaltung & Debugging

+ +

ACLs anzeigen

+
Router# show access-lists
+Router# show access-lists 100
+Router# show ip access-lists
+ +

ACLs löschen

+
Router(config)# no access-list 100
+Router(config)# ip access-list extended WEB_TRAFFIC
+Router(config-ext-nacl)# no 5
+ +

Interface-Anwendung prüfen

+
Router# show ip interface <interface> | include access list
+ +
+ +

⚠️ Wichtige Regeln

+ + + + +
+ + \ No newline at end of file
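Review bot: The operators table labels `established` as "Stateful filtering" (row "established | Rückantworten | Stateful filtering"), which is misleading. In an extended ACL the keyword only matches TCP segments with the ACK or RST bit set and tracks no connection state, so it is not a substitute for a stateful firewall. Suggest wording such as "TCP mit gesetztem ACK/RST-Bit (nicht stateful)". In the overview table, the expanded standard range should read 1300-1999 rather than 1300-1399, and the standard-ACL position "Entfernt oder Interface-nah" would be clearer as "Ziel-nah", the counterpart to "Quelle-nah" for extended ACLs. Under "ACLs löschen", `no 5` removes the entry with sequence number 5, but IOS numbers entries 10, 20, 30 by default, so the WEB_TRAFFIC example has no entry 5; `no 10` would match the example as written. The port table lists DNS, DHCP, NTP and SNMP without saying these are UDP services, which matters because the extended examples all use `tcp`. The file ends without a trailing newline, and the subject "html" does not say what the commit adds.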