Networking Assignment: ACL, NAT, Subnetting, and Protocols

Verified

Added on 2022/08/17

AI Summary

This assignment delves into core networking concepts, addressing questions on Access Control Lists (ACLs), Network Address Translation (NAT), and subnetting. It explores the purpose, implementation, and considerations of ACLs, including standard and extended ACLs, wildcard masks, and the 'log' keyword. The assignment also covers NAT, differentiating between static, dynamic, and PAT configurations, and explaining their prevalence. Additionally, it provides calculations for dynamically assignable IP addresses within NAT pools. Furthermore, the assignment includes discussion on VLSM, route summarization, and troubleshooting network issues related to IPv4 settings, DNS, DHCP, and subnetting plans. Finally, the document reviews and explains the use of various network utilities such as ping, extended ping, trace route, extended trace route, telnet, and SSH.

Running head: - NETWORKING
NETWORKING
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1NETWORKING
Table of Contents
1. Assignment-7.........................................................................................................................2
1.1 Question-1........................................................................................................................2
1.2 Question-2........................................................................................................................2
1.3 Question-3........................................................................................................................2
1.4 Question-4...................................................................................................................3
1.5 Question-5...................................................................................................................4
1.6 Question-6...................................................................................................................4
1.7 Question-7...................................................................................................................4
1.8 Question-8...................................................................................................................5
1.9 Question-9...................................................................................................................5
1.10 Question-10....................................................................................................................6
1.11 Question-11....................................................................................................................6
1.12 Question-12....................................................................................................................6
1.13 Question-13....................................................................................................................7
1.14 Question-14....................................................................................................................7
1.15 Question-15....................................................................................................................8
2. References..............................................................................................................................9

2NETWORKING
1. Assignment-7
1.1 Question-1
What is the purpose of ACLs?
This refers to the list for the access control with the help of which the access as well
as the denial to the services are specifically controlled. When integrated into the routers as
well as the firewalls, these act as the filters for filtering out the traffic present on the network
(Tourani et al. 2017). Hence, it can be stated that the purpose of the ACLs is to specifically
control the access and provision with the denial situation-specific.
1.2 Question-2
How do you view location and direction when applying ACLs?
To view the location as well as the direction while specifically applying the ACL can
be retrieved with the use of show ip command for the verification of the ACL that is applied
to the correctly existing interface (Abro et al.. 2016). Hence, from this the output will display
the direction of the access list as well as the site where it has been specifically applied.
1.3 Question-3
What is the difference between standard and extended ACLs? List the number ranges used
for each.
In particular, a standard ACL provisions with the allowance to prioritize the traffic
with the help of the source IP address while on the other hand, the extended ACL provisions
with a greater control of all the traffic that has been prioritized (Venugopal and Venugopal
2019). Extended ACLs in addition to this can also make use of the parameter named the IP
address of the source.

3NETWORKING
Number range for Standard ACL:
Protocol Range
Standard IP 1–99 and 1300–1999
Extended IP 100–199 and 2000–2699
Ethernet type code 200–299
Ethernet address 700–799
Number range for Extended ACL:
The range for the extended ACL is from 100-199 as well as 2000-2699.
1.4 Question-4
List some important considerations concerning ACL logic and statement order.
Some of the important considerations for making use of ACL logic and that of
statement order are,
i) Performance- that includes considering the particular performance while making
proper utilization of access lists.
ii) Logging- ability of routers to make use of other computers for the purpose of
logging (Simanjuntak and Suharyanto 2017).
iii) Network layer security- routers communicating with packets do not have a look
inside the contents of the packets that needs to be considered.
iv) Directionality- access lists should be provisioned with the definition both inbound
as well as outbound to extract the maximum amount of efficiency in terms of
security benefits.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4NETWORKING
v) Configuration- access lists might not work if not configured properly. This is the
most primary component that needs to be considered while making use of access
lists.
1.5 Question-5
What is the “shortcut” for finding an ACL wildcard mask to match a specific subnet?
The easiest method for matching a subnet with that of an ACL is to make use of the
shortcut. This can be done by making use of the subnet number in the form of an address
value as a part of the access-list command (Raihan and Afroze 2016). On the other hand,
usage of a wildcard mask can be specifically found by subtracting the subnet mask from
255.255.255.255.
1.6 Question-6
List the steps for implementing a standard ACL.
The following steps can be typically followed for carrying out a proper
implementation of the ACL,
i) Designing the entire network in accordance to the network topology.
ii) Clearing out of any existing configurations present on the respective router.
iii) Creation of an ACL on router.
iv) Application of the ACL (Laksono and Nasution 2020).
v) Testing of the ACL.
vi) Configuration of the extended ACL.
vii) Application of the extended ACL again.
viii) Testing of the ACL if it is working.

5NETWORKING
1.7 Question-7
What action does the “log” keyword placed at the end of an ACL statement cause?
The optional keyword that is log present at the end of the command can cause the
router to generate a syslog every single time a packet specifically matches to that of the
present ACL (Allen 2016). The log message has the primary inclusion of the ACL number,
IP address of the source, specific action that has been undertaken within the packet as well as
the number of specific matches from that of the source within a time span of five-minute.
1.8 Question-8
What are some of the major protocols used in the Protocol Type field in an extended ACL
statement?
The majorly existing protocols that can be used within the Protocol Type field within
the extended ACL statement are (Liu, Holden and Wu 2017),
i) TCP/IP.
ii) ICMP.
iii) UDP.
iv) OSPF.
1.9 Question-9
Explain the placement considerations that are different with extended ACLs over standard
ACLs.
In terms of the placement considerations, for the standard ACLs the implicit deny is
deny any of the access authorization made by external sources having no real authorization
(Dahlan and Zulianto 2019). On the other hand, for the extended ACLs, there is a provision

6NETWORKING
for application of ACL log and the relative function to that of the ACEs having the inclusion
of explicit ‘deny’ action.
1.10 Question-10
What are the methods for editing lines out of and into ACLs?
The commonly existing methods for editing existing ACLs have been mentioned
below that can be properly utilized (Kentis, Berger and Soler 2017),
i) Making use of CLI for editing the ACLs.
ii) Sequence numbering within the ACLs.
iii) General editing rules.
1.11 Question-11
What other device access can be controlled by ACLs?
The following devices can be controlled with the help of ACLs,
i) Proximity reader.
ii) Keypad reader.
iii) Multi-technology reader.
iv) Biometric reader (Ouaddah et al.. 2017).
v) Mag-locks.
vi) Mag Stripe Reader.
vii) Requesting of exit-motion.
viii) Emergency release button.
1.12 Question-12
Lastly, list the major ACL implementation considerations.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7NETWORKING
For the major ACL implementation, the following considerations need to be kept in
mind (Zhang et al.. 2018),
i) Understanding of the organization environment as well as the organizational
structure.
ii) Figuring out of supported user-to-IP Mapping and the relative strategies.
iii) Implementation of the user-to-IP mapping and the relative strategy that has been
selected.
iv) Ensuring of the policies related to the business for justifying the access controls
that are completely based upon the users.
v) Implementation of the policy that are completely based upon the users.
1.13 Question-13
How are static and dynamic NAT different?
The primary difference can be stated as that Static NAT puts forward the creation of a
fixed translation of all the privately related addresses to that of the public addresses. The
static NAT provisions with the allowance of having a remotely existing host for initiating the
connection to that of a translated host if the present access list allows the same. On the other
hand, the dynamically existing NAT does not provision with the allowance of this at any cost.
1.14 Question-14
Why is NAT overload or PAT a more popular solution than standard static or dynamic
NAT for most organizations?
Static or Dynamic NAT specifically is used for mapping the publicly existing IP
address to that of the privately existing IP address to create one-to-one or to many-to-one
relation. While, on the other hand PAT refers to NAT where the multiply existing IP
addresses that are private are specifically mapped into the single IP address that is public with

8NETWORKING
the usage of ports. Hence, it can be stated that the usage of NAT overload or that of PAT can
be considered to be a popular solution for majority of the organizations within the field of
business.
1.15 Question-15
How many dynamically assignable IP addresses are created with the following commands;
Ip nat pool test1 155.50.160.0 155.50.191.255 netmask 255.255.224.0
Number of dynamically assignable IP addresses- 8190.
Ip nat pool test1 195.10.173.128 195.10.173.135 netmask 255.255.255.248
Number of dynamically assignable IP addresses- 6.
Ip nat pool test1 10.57.1.64 10.57.1.79 netmask 255.255.255.240
Number of dynamically assignable IP addresses- 14.
Ip nat pool test1 10.1.1.0 10.1.1.5 netmask 255.255.255.240
Number of dynamically assignable IP addresses- 14.

9NETWORKING
2. References
Abro, A.A., Soomro, S., Alansari, Z., Belgaum, M.R. and Khakwani, A.B.K., 2016. Secure
Network in Business-to-Business application by using Access Control List (ACL) and
Service Level Agreement (SLA). arXiv preprint arXiv:1612.07685.
Allen, S.D., 2016. DRACL (Decentralized resource access control list) (Doctoral dissertation,
Massachusetts Institute of Technology).
Dahlan, D. and Zulianto, A., 2019. PERANCANGAN KEAMANAN JARINGAN
KOMPUTER PADA LAYER APPLICATION BERBASIS INTRUSION PREVENTION
SYSTEM (IPS) YANG DI INTEGRASIKAN DENGAN ACCESS CONTROL LIST
(ACLs). Scientia Regendi, 1(1), pp.86-96.
Kentis, A.M., Berger, M.S. and Soler, J., 2017, November. Effects of port congestion in the
gate control list scheduling of time sensitive networks. In 2017 8th International Conference
on the Network of the Future (NOF) (pp. 138-140). IEEE.
Laksono, A.T. and Nasution, M.A.H., 2020. Implementasi Keamanan Jaringan Komputer
Local Area Network Menggunakan Access Control List pada Perusahaan X. Jurnal Sistem
Komputer dan Informatika (JSON), 1(2), pp.83-88.
Liu, X., Holden, B. and Wu, D., 2017, July. Automated synthesis of access control lists.
In 2017 International Conference on Software Security and Assurance (ICSSA) (pp. 104-
109). IEEE.
Ouaddah, A., Mousannif, H., Elkalam, A.A. and Ouahman, A.A., 2017. Access control in the
Internet of Things: Big challenges and new opportunities. Computer Networks, 112, pp.237-
262.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10NETWORKING
Raihan, M. and Afroze, M., 2016. Securing a Network by Using VLAN, Port Security and
Access Control List (Doctoral dissertation, East West University).
Simanjuntak, P. and Suharyanto, C.E., 2017. ANALISIS PENGGUNAAN ACCESS
CONTROL LIST (ACL) DALAM JARINGAN KOMPUTER DI KAWASAN
BATAMINDO INDUSTRIAL PARK BATAM. Journal Information System Development
(ISD), 2(2).
Tourani, R., Misra, S., Mick, T. and Panwar, G., 2017. Security, privacy, and access control
in information-centric networking: A survey. IEEE communications surveys &
tutorials, 20(1), pp.566-600.
Venugopal, S.B. and Venugopal, S.B., 2019. Automatic Generation of Access Control List on
Mellanox Switch For DDoS Attack Mitigation Using DDoS Fingerprints (Master's thesis,
University of Twente).
Zhang, Y., Kasahara, S., Shen, Y., Jiang, X. and Wan, J., 2018. Smart contract-based access
control for the internet of things. IEEE Internet of Things Journal, 6(2), pp.1594-1605.