Lernfeld11b/Klausur/ACL-CheatSheet-Compact.html
Max Blendowski 07abfd6311 html
2025-12-03 15:48:05 +01:00

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>ACL CheatSheet - Compact</title>
<style>
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
line-height: 1.5;
color: #333;
background: #f5f5f5;
padding: 20px 10px;
}
.container {
max-width: 800px;
margin: 0 auto;
background: white;
padding: 30px;
box-shadow: 0 0 10px rgba(0,0,0,0.1);
}
h1 {
color: #1a5490;
border-bottom: 3px solid #1a5490;
padding-bottom: 10px;
margin-bottom: 20px;
font-size: 24px;
}
h2 {
color: #2c5aa0;
margin-top: 20px;
margin-bottom: 12px;
font-size: 16px;
border-left: 4px solid #2c5aa0;
padding-left: 10px;
}
h3 {
color: #3d6fb5;
margin-top: 12px;
margin-bottom: 8px;
font-size: 13px;
font-weight: 600;
}
table {
width: 100%;
border-collapse: collapse;
margin: 12px 0;
background: #fafafa;
font-size: 13px;
}
th {
background: #1a5490;
color: white;
padding: 8px;
text-align: left;
font-weight: 600;
}
td {
padding: 8px;
border-bottom: 1px solid #ddd;
}
tr:hover {
background: #f0f0f0;
}
pre {
background: #f4f4f4;
border: 1px solid #ddd;
border-radius: 3px;
padding: 10px;
overflow-x: auto;
margin: 10px 0;
font-family: 'Courier New', Courier, monospace;
font-size: 12px;
line-height: 1.4;
}
code {
background: #f4f4f4;
padding: 2px 4px;
border-radius: 2px;
font-family: 'Courier New', Courier, monospace;
font-size: 12px;
}
strong {
color: #1a5490;
}
hr {
border: none;
border-top: 1px solid #e0e0e0;
margin: 15px 0;
}
ul, ol {
margin: 8px 0 8px 20px;
font-size: 13px;
}
li {
margin-bottom: 4px;
}
p {
margin: 8px 0;
font-size: 13px;
}
.section {
margin-bottom: 15px;
}
.footer {
margin-top: 20px;
padding-top: 10px;
border-top: 1px solid #ddd;
text-align: center;
color: #666;
font-size: 11px;
}
@media print {
body {
background: white;
padding: 0;
}
.container {
max-width: 100%;
margin: 0;
padding: 20px;
box-shadow: none;
}
h2 {
page-break-after: avoid;
}
table {
page-break-inside: avoid;
}
pre {
page-break-inside: avoid;
}
}
</style>
</head>
<body>
<div class="container">
<h1>ACL CheatSheet Compact</h1>
<p style="text-align: center; color: #666; margin-bottom: 15px; font-size: 12px;">
Standard and Extended Access Control Lists | Cisco Routers
</p>
<h2>📋 Overview</h2>
<table>
<thead>
<tr>
<th>Feature</th>
<th>Standard</th>
<th>Extended</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Number range</strong></td>
<td>1-99, 1300-1399</td>
<td>100-199, 2000-2699</td>
</tr>
<tr>
<td><strong>Filter</strong></td>
<td>Source IP</td>
<td>Source, destination, protocol, port</td>
</tr>
<tr>
<td><strong>Placement</strong></td>
<td>Remote or close to the interface</td>
<td>Close to the source</td>
</tr>
</tbody>
</table>
<hr>
<h2>🔧 Standard ACL (Numbered)</h2>
<h3>Syntax</h3>
<pre>access-list &lt;number&gt; [permit | deny] &lt;source-ip&gt; [wildcard-mask]</pre>
<h3>Example</h3>
<pre>access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny any</pre>
<h3>Applying to an Interface</h3>
<pre>Router(config)# interface FastEthernet 0/0
Router(config-if)# ip access-group 10 in</pre>
<hr>
<h2>⚙️ Extended ACL (Numbered)</h2>
<h3>Syntax</h3>
<pre>access-list &lt;number&gt; [permit | deny] &lt;protocol&gt; &lt;source&gt; &lt;source-wc&gt;
&lt;destination&gt; &lt;destination-wc&gt; [operators]</pre>
<h3>Example</h3>
<pre>access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 100 deny ip any any</pre>
<h3>Applying to an Interface</h3>
<pre>Router(config)# interface Serial 0/0
Router(config-if)# ip access-group 100 out</pre>
<hr>
<h2>📛 Standard Named ACL</h2>
<h3>Syntax</h3>
<pre>Router(config)# ip access-list standard &lt;name&gt;
Router(config-std-nacl)# [permit | deny] &lt;source-ip&gt; [wildcard-mask]
Router(config-std-nacl)# exit</pre>
<h3>Example</h3>
<pre>Router(config)# ip access-list standard ALLOW_ADMIN
Router(config-std-nacl)# permit host 192.168.1.1
Router(config-std-nacl)# deny any
Router(config-std-nacl)# exit
Router(config)# interface FastEthernet 0/1
Router(config-if)# ip access-group ALLOW_ADMIN in</pre>
<hr>
<h2>⚙️ Extended Named ACL</h2>
<h3>Syntax</h3>
<pre>Router(config)# ip access-list extended &lt;name&gt;
Router(config-ext-nacl)# [permit | deny] &lt;protocol&gt; &lt;source&gt; &lt;source-wc&gt;
&lt;destination&gt; &lt;destination-wc&gt; [operators]
Router(config-ext-nacl)# exit</pre>
<h3>Example</h3>
<pre>Router(config)# ip access-list extended WEB_TRAFFIC
Router(config-ext-nacl)# permit tcp any 10.0.0.0 0.0.0.255 eq 80
Router(config-ext-nacl)# permit tcp any 10.0.0.0 0.0.0.255 eq 443
Router(config-ext-nacl)# deny ip any any
Router(config-ext-nacl)# exit</pre>
<hr>
<h2>🎯 Wildcard Masking</h2>
<p><strong>Basic principle:</strong> 0 = compare bit | 1 = ignore bit</p>
<table>
<thead>
<tr>
<th>Wildcard</th>
<th>Meaning</th>
</tr>
</thead>
<tbody>
<tr><td><code>0.0.0.0</code></td><td>Exactly this IP (host)</td></tr>
<tr><td><code>0.0.0.255</code></td><td>/24 subnet</td></tr>
<tr><td><code>0.0.255.255</code></td><td>/16 subnet</td></tr>
<tr><td><code>255.255.255.255</code></td><td>All (any)</td></tr>
</tbody>
</table>
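<p>The wildcard principle above as an added Python example (not part of the original cheat sheet). The function names are hypothetical; the second <code>audit</code> call uses a constructed entry in which a subnet mask was typed where a wildcard belongs.</p>

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(ip, base, wildcard):
    """Wildcard bit 0 = compare this bit, bit 1 = ignore it."""
    care = ~to_int(wildcard) & FULL
    return ((to_int(ip) ^ to_int(base)) & care) == 0

def netmask_to_wildcard(netmask):
    """A wildcard is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ FULL))

def match_count(wildcard):
    """Number of addresses an entry matches: 2 ** (count of ignored bits)."""
    return 2 ** bin(to_int(wildcard)).count("1")

def looks_like_netmask(wildcard):
    """True if the 1-bits run contiguously from the left, i.e. the value has
    the shape of a subnet mask and was probably typed in place of a wildcard."""
    value = to_int(wildcard)
    inverse = value ^ FULL
    return value not in (0, FULL) and (inverse & (inverse + 1)) == 0

def audit(base, wildcard):
    """Describe one 'address wildcard' pair from an ACL entry."""
    if looks_like_netmask(wildcard):
        return (f"{base} {wildcard}: subnet mask used as wildcard, matches "
                f"{match_count(wildcard)} addresses; did you mean "
                f"{netmask_to_wildcard(wildcard)}?")
    return f"{base} {wildcard}: matches {match_count(wildcard)} addresses"

if __name__ == "__main__":
    print(audit("192.168.1.0", "0.0.0.255"))      # entry from the page
    print(audit("192.168.1.0", "255.255.255.0"))  # constructed mistake
```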
<hr>
<h2>📊 Protocols &amp; Ports</h2>
<h3>Protocols</h3>
<ul>
<li><code>ip</code> All IP protocols</li>
<li><code>tcp</code> Transmission Control Protocol</li>
<li><code>udp</code> User Datagram Protocol</li>
<li><code>icmp</code> Internet Control Message Protocol</li>
</ul>
<h3>Common Ports</h3>
<table>
<thead>
<tr>
<th>Service</th>
<th>Port</th>
<th>Service</th>
<th>Port</th>
</tr>
</thead>
<tbody>
<tr><td>HTTP</td><td>80</td><td>DNS</td><td>53</td></tr>
<tr><td>HTTPS</td><td>443</td><td>DHCP</td><td>67,68</td></tr>
<tr><td>SSH</td><td>22</td><td>NTP</td><td>123</td></tr>
<tr><td>Telnet</td><td>23</td><td>SNMP</td><td>161,162</td></tr>
<tr><td>SMTP</td><td>25</td><td></td><td></td></tr>
</tbody>
</table>
<hr>
<h2>🔧 Operators &amp; Keywords</h2>
<table>
<thead>
<tr>
<th>Operator</th>
<th>Meaning</th>
<th>Example</th>
</tr>
</thead>
<tbody>
<tr><td><code>eq</code></td><td>equal</td><td><code>eq 80</code></td></tr>
<tr><td><code>neq</code></td><td>not equal</td><td><code>neq 22</code></td></tr>
<tr><td><code>gt</code></td><td>greater than</td><td><code>gt 1023</code></td></tr>
<tr><td><code>lt</code></td><td>less than</td><td><code>lt 1024</code></td></tr>
<tr><td><code>range</code></td><td>Range</td><td><code>range 1000 2000</code></td></tr>
<tr><td><code>established</code></td><td>Return traffic (replies)</td><td>Stateful filtering</td></tr>
<tr><td><code>host</code></td><td>Single IP</td><td><code>host 192.168.1.1</code></td></tr>
<tr><td><code>any</code></td><td>All addresses</td><td>Wildcard 255.255.255.255</td></tr>
</tbody>
</table>
<hr>
<h2>🔍 Management &amp; Debugging</h2>
<h3>Displaying ACLs</h3>
<pre>Router# show access-lists
Router# show access-lists 100
Router# show ip access-lists</pre>
<h3>Deleting ACLs</h3>
<pre>Router(config)# no access-list 100
Router(config)# ip access-list extended WEB_TRAFFIC
Router(config-ext-nacl)# no 5</pre>
<h3>Verifying the Interface Assignment</h3>
<pre>Router# show ip interface &lt;interface&gt; | include access list</pre>
<hr>
<h2>⚠️ Important Rules</h2>
<ul>
<li><strong>First-match principle:</strong> Entries are checked from top to bottom; the first matching entry is applied</li>
<li><strong>Implicit deny:</strong> Without an explicit permit = denied</li>
<li><strong>Specific before general:</strong> Place specific rules first</li>
<li><strong>Inbound vs. outbound:</strong> Apply the ACL in the correct direction (in/out)</li>
<li><strong>Wildcard is inverse:</strong> Wildcard ≠ subnet mask (inverted!)</li>
</ul>
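<p>The first-match, implicit-deny and specific-before-general rules as an added Python example (not part of the original cheat sheet, and not Cisco code). It evaluates the page's ACL 100 and reports entries that an earlier entry makes unreachable; the function names, the sample packets and the reordered list <code>ACL_BAD</code> are constructed, and only the <code>eq</code> operator is parsed.</p>

```python
import ipaddress

MASK = 0xFFFFFFFF

def ip(a):
    return int(ipaddress.IPv4Address(a))

def addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' and return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, MASK
    return (ip(tok.pop(0)), 0) if first == "host" else (ip(first), ip(tok.pop(0)))

def parse(line):
    """Parse one numbered extended entry; only the 'eq' operator is handled."""
    tok = line.split()[2:]  # drop 'access-list <number>'
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = addr(tok), addr(tok)
    return dict(action=action, proto=proto, src=src, dst=dst,
                port=int(tok[1]) if tok[:1] == ["eq"] else None)

def hit(a, spec):
    """Wildcard bit 0 = compare, bit 1 = ignore."""
    return ((ip(a) ^ spec[0]) & ~spec[1] & MASK) == 0

def evaluate(acl, proto, src, dst, dport=None):
    """First match wins; falling off the end is the implicit deny."""
    for n, e in enumerate(acl, 1):
        if (e["proto"] in ("ip", proto) and e["port"] in (None, dport)
                and hit(src, e["src"]) and hit(dst, e["dst"])):
            return e["action"], n
    return "deny", None

def covers(a, b):
    """True if address spec a matches every address spec b matches."""
    return (b[1] & ~a[1] & MASK) == 0 and ((a[0] ^ b[0]) & ~a[1] & MASK) == 0

def shadowed(acl):
    """Entry numbers (earlier, later) where the later entry is unreachable."""
    return [(i + 1, j + 1) for j, late in enumerate(acl) for i, early in enumerate(acl[:j])
            if early["proto"] in ("ip", late["proto"]) and early["port"] in (None, late["port"])
            and covers(early["src"], late["src"]) and covers(early["dst"], late["dst"])]

# ACL 100 as on this page; ACL_BAD is a constructed, misordered variant.
ACL_100 = [parse(l) for l in """access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 100 deny ip any any""".splitlines()]
ACL_BAD = [ACL_100[2], ACL_100[0], ACL_100[1]]   # deny ip any any moved to the top
```

<p><code>evaluate</code> returns the action together with the number of the entry that decided it, or <code>None</code> when only the implicit deny applied.</p>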
<div class="footer">
<p><strong>ACL CheatSheet Compact</strong><br>
Cisco Routers | 3rd training year, IT Specialist for System Integration<br>
<em>Print: Ctrl+P | Save as PDF: Print → Save as PDF</em></p>
</div>
</div>
</body>
</html>