Cisco ACL Editor and Simulator

David Davis — Tue, 14 Aug 2007 06:00:00 +0000

I consider myself fortunate to run across a new program called the Cisco ACL Editor and Simulator. This program allows you to create ACLs in Windows GUI application by filling out fields on a form. Even better, it allows you to then take that ACL and simulate what traffic would pass through the ACL. This way, you can test your ACL’s before you apply them, saving a huge amount of time and effort.

The Cisco ACL Editor and Simulator is written by a sharp young programmer and Cisco expert from the United Kingdom. You can download and evaluation for free.

I spoke with the developer, Gareth O. Evans, and he said that the Cisco ACL Editor and Simulator was developed in C#.NET (.NET 2.0) as part of a final year BSc (Hons) Computer Networks degree while studying at the University of Wales, Wrexham, North Wales, United Kingdom.

Gareth said that these are some of the possible developments for the application in the future:

TCP/UDP Port Range
Port Name Recognition (www, dns, smtp, pop3, ntp, ftp, ftp-data etc)
A visual WildCardMask Editor for new Cisco Router users!

The application is available as a 30 day eval and then it is available for purchase at a reasonable cost after that.

Here is what it looks like to create and edit standard ACLs with the Cisco ACL Editor:

Here is what it looks like to create and edit extended ACLs with the Cisco ACL Editor:

And here is a screenshot of how you can simulate traffic passing through (or not passing through) the ACLs you created – a very powerful feature!

To learn more about our Cisco CCNA video training, click here.

Or, to download a free evaluation copy of the Cisco ACL Editor and Simulator, click here.

FREE VIDEO: Harden your Cisco Router with IOS ACLs

David Davis — Thu, 09 Aug 2007 15:00:00 +0000

Recently, I created a short video that shows you how to secure your Cisco router using Access-control lists (ACL) in the Cisco IOS. It is a step-by-step ten-minute video. It was originally published over at SearchNetworking.com.

In this video, I walk you through the steps you’ll need to take to use Cisco IOS access control lists (ACLs) to define and filter traffic for better network security.

I recommend Train Signal Cisco CCNA Video Training!

Here is my network diagram (click on it to enlarge it):

Here is the actual ACL used in the video:

! SAMPLE ACL
!
!Notes-
!DNS resolution must be happening locally
!Default gateways must be configured on each side of the network
!If you were doing this between a LAN and the Internet, you would have NAT to
take into account
!Reflexive access-lists or firewall features can be used to improve on this

ip access-list extended less-secure
remark allow all hosts on 10 net to access web server
permit tcp 10.1.1.0 0.0.0.255 host 192.168.1.200 eq www
permit tcp 10.1.1.0 0.0.0.255 host 192.168.1.200 eq 443

remark allow RESPONSE to secure PC’s requets for access to web, ftp control,
data, smtp, and pop3 on 10 net
permit tcp 10.1.1.0 0.0.0.255 eq www host 192.168.1.201
permit tcp 10.1.1.0 0.0.0.255 eq ftp host 192.168.1.201
permit tcp 10.1.1.0 0.0.0.255 eq ftp-data host 192.168.1.201
permit tcp 10.1.1.0 0.0.0.255 eq smtp host 192.168.1.201
permit tcp 10.1.1.0 0.0.0.255 eq pop3 host 192.168.1.201

ip access-list extended more-secure
remark allow web server to respond to all hosts on 10 net
permit tcp host 192.168.1.200 eq www 10.1.1.0 0.0.0.255
permit tcp host 192.168.1.200 eq 443 10.1.1.0 0.0.0.255

remark allow PC full access to make requests to less secure network
permit tcp host 192.168.1.201 10.1.1.0 0.0.0.255

int fa4
ip access-group less-secure in

int vlan1
ip access-group more-secure in

Happy Router.com » ACL

Cisco ACL Editor and Simulator

FREE VIDEO: Harden your Cisco Router with IOS ACLs