html

2025-12-03 15:48:05 +01:00
parent 7f53fcfd14
commit 07abfd6311
1 changed files with 377 additions and 0 deletions
--- a/Klausur/ACL-CheatSheet-Compact.html
+++ b/Klausur/ACL-CheatSheet-Compact.html
@@ -0,0 +1,377 @@
+<!DOCTYPE html>
+<html lang="de">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>ACL CheatSheet - Kompakt</title>
+    <style>
+        * {
+            margin: 0;
+            padding: 0;
+            box-sizing: border-box;
+        }
+        
+        body {
+            font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
+            line-height: 1.5;
+            color: #333;
+            background: #f5f5f5;
+            padding: 20px 10px;
+        }
+        
+        .container {
+            max-width: 800px;
+            margin: 0 auto;
+            background: white;
+            padding: 30px;
+            box-shadow: 0 0 10px rgba(0,0,0,0.1);
+        }
+        
+        h1 {
+            color: #1a5490;
+            border-bottom: 3px solid #1a5490;
+            padding-bottom: 10px;
+            margin-bottom: 20px;
+            font-size: 24px;
+        }
+        
+        h2 {
+            color: #2c5aa0;
+            margin-top: 20px;
+            margin-bottom: 12px;
+            font-size: 16px;
+            border-left: 4px solid #2c5aa0;
+            padding-left: 10px;
+        }
+        
+        h3 {
+            color: #3d6fb5;
+            margin-top: 12px;
+            margin-bottom: 8px;
+            font-size: 13px;
+            font-weight: 600;
+        }
+        
+        table {
+            width: 100%;
+            border-collapse: collapse;
+            margin: 12px 0;
+            background: #fafafa;
+            font-size: 13px;
+        }
+        
+        th {
+            background: #1a5490;
+            color: white;
+            padding: 8px;
+            text-align: left;
+            font-weight: 600;
+        }
+        
+        td {
+            padding: 8px;
+            border-bottom: 1px solid #ddd;
+        }
+        
+        tr:hover {
+            background: #f0f0f0;
+        }
+        
+        pre {
+            background: #f4f4f4;
+            border: 1px solid #ddd;
+            border-radius: 3px;
+            padding: 10px;
+            overflow-x: auto;
+            margin: 10px 0;
+            font-family: 'Courier New', Courier, monospace;
+            font-size: 12px;
+            line-height: 1.4;
+        }
+        
+        code {
+            background: #f4f4f4;
+            padding: 2px 4px;
+            border-radius: 2px;
+            font-family: 'Courier New', Courier, monospace;
+            font-size: 12px;
+        }
+        
+        strong {
+            color: #1a5490;
+        }
+        
+        hr {
+            border: none;
+            border-top: 1px solid #e0e0e0;
+            margin: 15px 0;
+        }
+        
+        ul, ol {
+            margin: 8px 0 8px 20px;
+            font-size: 13px;
+        }
+        
+        li {
+            margin-bottom: 4px;
+        }
+        
+        p {
+            margin: 8px 0;
+            font-size: 13px;
+        }
+        
+        .section {
+            margin-bottom: 15px;
+        }
+        
+        .footer {
+            margin-top: 20px;
+            padding-top: 10px;
+            border-top: 1px solid #ddd;
+            text-align: center;
+            color: #666;
+            font-size: 11px;
+        }
+        
+        @media print {
+            body {
+                background: white;
+                padding: 0;
+            }
+            
+            .container {
+                max-width: 100%;
+                margin: 0;
+                padding: 20px;
+                box-shadow: none;
+            }
+            
+            h2 {
+                page-break-after: avoid;
+            }
+            
+            table {
+                page-break-inside: avoid;
+            }
+            
+            pre {
+                page-break-inside: avoid;
+            }
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>ACL CheatSheet – Kompakt</h1>
+        <p style="text-align: center; color: #666; margin-bottom: 15px; font-size: 12px;">
+            Standard und Extended Access Control Lists | CISCO Router
+        </p>
+
+        <h2>📋 Übersicht</h2>
+        <table>
+            <thead>
+                <tr>
+                    <th>Merkmal</th>
+                    <th>Standard</th>
+                    <th>Extended</th>
+                </tr>
+            </thead>
+            <tbody>
+                <tr>
+                    <td><strong>Nummernbereich</strong></td>
+                    <td>1-99, 1300-1399</td>
+                    <td>100-199, 2000-2699</td>
+                </tr>
+                <tr>
+                    <td><strong>Filter</strong></td>
+                    <td>Quell-IP</td>
+                    <td>Quelle, Ziel, Protokoll, Port</td>
+                </tr>
+                <tr>
+                    <td><strong>Position</strong></td>
+                    <td>Entfernt oder Interface-nah</td>
+                    <td>Quelle-nah</td>
+                </tr>
+            </tbody>
+        </table>
+
+        <hr>
+
+        <h2>🔧 Standard ACL (Numbered)</h2>
+        
+        <h3>Syntax</h3>
+        <pre>access-list &lt;nummer&gt; [permit | deny] &lt;quell-ip&gt; [wildcard-maske]</pre>
+        
+        <h3>Beispiel</h3>
+        <pre>access-list 10 permit 192.168.1.0 0.0.0.255
+access-list 10 deny any</pre>
+        
+        <h3>Interface-Anwendung</h3>
+        <pre>Router(config)# interface FastEthernet 0/0
+Router(config-if)# ip access-group 10 in</pre>
+
+        <hr>
+
+        <h2>⚙️ Extended ACL (Numbered)</h2>
+        
+        <h3>Syntax</h3>
+        <pre>access-list &lt;nummer&gt; [permit | deny] &lt;protokoll&gt; &lt;quelle&gt; &lt;quelle-wc&gt;
+  &lt;ziel&gt; &lt;ziel-wc&gt; [operatoren]</pre>
+        
+        <h3>Beispiel</h3>
+        <pre>access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
+access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
+access-list 100 deny ip any any</pre>
+        
+        <h3>Interface-Anwendung</h3>
+        <pre>Router(config)# interface Serial 0/0
+Router(config-if)# ip access-group 100 out</pre>
+
+        <hr>
+
+        <h2>📛 Standard Named ACL</h2>
+        
+        <h3>Syntax</h3>
+        <pre>Router(config)# ip access-list standard &lt;name&gt;
+Router(config-std-nacl)# [permit | deny] &lt;quell-ip&gt; [wildcard-maske]
+Router(config-std-nacl)# exit</pre>
+        
+        <h3>Beispiel</h3>
+        <pre>Router(config)# ip access-list standard ALLOW_ADMIN
+Router(config-std-nacl)# permit host 192.168.1.1
+Router(config-std-nacl)# deny any
+Router(config-std-nacl)# exit
+Router(config)# interface FastEthernet 0/1
+Router(config-if)# ip access-group ALLOW_ADMIN in</pre>
+
+        <hr>
+
+        <h2>⚙️ Extended Named ACL</h2>
+        
+        <h3>Syntax</h3>
+        <pre>Router(config)# ip access-list extended &lt;name&gt;
+Router(config-ext-nacl)# [permit | deny] &lt;protokoll&gt; &lt;quelle&gt; &lt;quelle-wc&gt;
+  &lt;ziel&gt; &lt;ziel-wc&gt; [operatoren]
+Router(config-ext-nacl)# exit</pre>
+        
+        <h3>Beispiel</h3>
+        <pre>Router(config)# ip access-list extended WEB_TRAFFIC
+Router(config-ext-nacl)# permit tcp any 10.0.0.0 0.0.0.255 eq 80
+Router(config-ext-nacl)# permit tcp any 10.0.0.0 0.0.0.255 eq 443
+Router(config-ext-nacl)# deny ip any any
+Router(config-ext-nacl)# exit</pre>
+
+        <hr>
+
+        <h2>🎯 Wildcard Masking</h2>
+        
+        <p><strong>Grundprinzip:</strong> 0 = Bit vergleichen | 1 = Bit ignorieren</p>
+        
+        <table>
+            <thead>
+                <tr>
+                    <th>Wildcard</th>
+                    <th>Bedeutung</th>
+                </tr>
+            </thead>
+            <tbody>
+                <tr><td><code>0.0.0.0</code></td><td>Genau diese IP (host)</td></tr>
+                <tr><td><code>0.0.0.255</code></td><td>/24 Subnetz</td></tr>
+                <tr><td><code>0.0.255.255</code></td><td>/16 Subnetz</td></tr>
+                <tr><td><code>255.255.255.255</code></td><td>Alle (any)</td></tr>
+            </tbody>
+        </table>
+
+        <hr>
+
+        <h2>📊 Protokolle & Ports</h2>
+        
+        <h3>Protokolle</h3>
+        <ul>
+            <li><code>ip</code> – Alle IP-Protokolle</li>
+            <li><code>tcp</code> – Transmission Control Protocol</li>
+            <li><code>udp</code> – User Datagram Protocol</li>
+            <li><code>icmp</code> – Internet Control Message Protocol</li>
+        </ul>
+
+        <h3>Häufige Ports</h3>
+        <table>
+            <thead>
+                <tr>
+                    <th>Service</th>
+                    <th>Port</th>
+                    <th>Service</th>
+                    <th>Port</th>
+                </tr>
+            </thead>
+            <tbody>
+                <tr><td>HTTP</td><td>80</td><td>DNS</td><td>53</td></tr>
+                <tr><td>HTTPS</td><td>443</td><td>DHCP</td><td>67,68</td></tr>
+                <tr><td>SSH</td><td>22</td><td>NTP</td><td>123</td></tr>
+                <tr><td>Telnet</td><td>23</td><td>SNMP</td><td>161,162</td></tr>
+                <tr><td>SMTP</td><td>25</td><td></td><td></td></tr>
+            </tbody>
+        </table>
+
+        <hr>
+
+        <h2>🔧 Operatoren & Schlüsselwörter</h2>
+        
+        <table>
+            <thead>
+                <tr>
+                    <th>Operator</th>
+                    <th>Bedeutung</th>
+                    <th>Beispiel</th>
+                </tr>
+            </thead>
+            <tbody>
+                <tr><td><code>eq</code></td><td>equal (gleich)</td><td><code>eq 80</code></td></tr>
+                <tr><td><code>neq</code></td><td>not equal</td><td><code>neq 22</code></td></tr>
+                <tr><td><code>gt</code></td><td>greater than</td><td><code>gt 1023</code></td></tr>
+                <tr><td><code>lt</code></td><td>less than</td><td><code>lt 1024</code></td></tr>
+                <tr><td><code>range</code></td><td>Bereich</td><td><code>range 1000 2000</code></td></tr>
+                <tr><td><code>established</code></td><td>Rückantworten</td><td>Stateful filtering</td></tr>
+                <tr><td><code>host</code></td><td>Einzelne IP</td><td><code>host 192.168.1.1</code></td></tr>
+                <tr><td><code>any</code></td><td>Alle Adressen</td><td>Wildcard 255.255.255.255</td></tr>
+            </tbody>
+        </table>
+
+        <hr>
+
+        <h2>🔍 Verwaltung & Debugging</h2>
+        
+        <h3>ACLs anzeigen</h3>
+        <pre>Router# show access-lists
+Router# show access-lists 100
+Router# show ip access-lists</pre>
+
+        <h3>ACLs löschen</h3>
+        <pre>Router(config)# no access-list 100
+Router(config)# ip access-list extended WEB_TRAFFIC
+Router(config-ext-nacl)# no 5</pre>
+
+        <h3>Interface-Anwendung prüfen</h3>
+        <pre>Router# show ip interface &lt;interface&gt; | include access list</pre>
+
+        <hr>
+
+        <h2>⚠️ Wichtige Regeln</h2>
+        
+        <ul>
+            <li><strong>First-Match-Prinzip:</strong> Erste zutreffende Regel wird angewendet</li>
+            <li><strong>Implizites Deny:</strong> Ohne explizite Erlaubnis = verweigert</li>
+            <li><strong>Spezifisch vor Allgemein:</strong> Spezifische Regeln vorne positionieren</li>
+            <li><strong>Inbound vs. Outbound:</strong> Richtige Richtung beachten (in/out)</li>
+            <li><strong>Wildcard invers:</strong> Wildcard ≠ Subnetzmaske (invertiert!)</li>
+        </ul>
+
+        <div class="footer">
+            <p><strong>ACL CheatSheet – Kompakt</strong><br>
+            CISCO Router | 3. Lehrjahr Fachinformatik Systemintegration<br>
+            <em>Drucken: Strg+P | In PDF speichern: Drucken → Als PDF speichern</em></p>
+        </div>
+    </div>
+</body>
+</html>