🛡️ Network Security & Automation
1. Access Control Lists (ACLs)
What Are ACLs?
ACLs are ordered lists of permit/deny statements applied to router interfaces to filter traffic. Rules are processed top-down; first match wins. An implicit deny all exists at the end of every ACL.
Standard vs Extended ACLs
- Standard ACLs (numbered 1–99, 1300–1999) – filter by source IP only. Place as close to the destination as possible.
- Extended ACLs (numbered 100–199, 2000–2699) – filter by source IP, destination IP, protocol, and port. Place as close to the source as possible.
ACL Placement
- Inbound – applied before the routing decision; more efficient.
- Outbound – applied after the routing decision.
Wildcard Masks
ACLs use wildcard masks (inverse of subnet mask). 0 bits = must match, 1 bits = ignore. Wildcard for /24 = 0.0.0.255. Use "host" keyword for single IPs; "any" for all IPs.
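The following Python model is an added example (not part of the original notes) that ties the ACL rules above together: it derives wildcard masks from prefix lengths, performs the "0 bits must match, 1 bits are ignored" comparison, parses Cisco-style standard and extended entries (including the "host" and "any" keywords), and evaluates a packet top-down with first match wins and the implicit deny at the end. The ACL lines, addresses and packets are constructed sample data, and the function names are my own.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}


def wildcard_from_prefix(prefix_len):
    """Dotted wildcard mask for a prefix length: the bitwise inverse of the subnet mask."""
    subnet_mask = (ALL_ONES << (32 - prefix_len)) & ALL_ONES
    return str(ipaddress.IPv4Address(subnet_mask ^ ALL_ONES))


def matches(address, reference, wildcard):
    """Wildcard comparison: bits set to 0 in the wildcard must match, bits set to 1 are ignored."""
    a = int(ipaddress.IPv4Address(address))
    r = int(ipaddress.IPv4Address(reference))
    w = int(ipaddress.IPv4Address(wildcard))
    return ((a ^ r) & (ALL_ONES ^ w)) == 0


def parse_target(tokens, i):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D wildcard'."""
    if tokens[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1   # every bit ignored
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2        # every bit must match
    return (tokens[i], tokens[i + 1]), i + 2


def parse_ace(line):
    """Parse a standard ('permit 10.0.0.0 0.0.0.255') or extended access-control entry."""
    tokens = line.split()
    action = tokens[0]
    if tokens[1] in PROTOCOLS:                          # extended: proto, src, dst, optional port
        proto = tokens[1]
        src, i = parse_target(tokens, 2)
        dst, i = parse_target(tokens, i)
    else:                                               # standard: source only, any protocol/destination
        proto = "ip"
        src, i = parse_target(tokens, 1)
        dst = ("0.0.0.0", "255.255.255.255")
    dport = None
    if i < len(tokens) and tokens[i] == "eq":
        dport = int(tokens[i + 1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}


def evaluate(acl_lines, packet):
    """Walk the ACL top-down; the first matching entry decides. No match hits the implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace["proto"] != "ip" and ace["proto"] != packet["proto"]:
            continue
        if not matches(packet["src"], *ace["src"]):
            continue
        if not matches(packet["dst"], *ace["dst"]):
            continue
        if ace["dport"] is not None and ace["dport"] != packet.get("dport"):
            continue
        return ace["action"]
    return "deny"  # implicit deny all at the end of every ACL


# Constructed sample ACL: allow one LAN to reach a web server on 443 only, everything else may pass.
EXTENDED_ACL = [
    "permit tcp 10.0.0.0 0.0.0.255 host 192.168.1.10 eq 443",
    "deny ip 10.0.0.0 0.0.0.255 any",
    "permit ip any any",
]
STANDARD_ACL = ["permit 10.0.0.0 0.0.0.255"]

if __name__ == "__main__":
    print(wildcard_from_prefix(24))  # 0.0.0.255
    https_pkt = {"proto": "tcp", "src": "10.0.0.7", "dst": "192.168.1.10", "dport": 443}
    http_pkt = {"proto": "tcp", "src": "10.0.0.7", "dst": "192.168.1.10", "dport": 80}
    print(evaluate(EXTENDED_ACL, https_pkt), evaluate(EXTENDED_ACL, http_pkt))  # permit deny
    print(evaluate(STANDARD_ACL, {"proto": "udp", "src": "10.0.1.1", "dst": "8.8.8.8"}))  # deny
```

Swapping the order of the first two entries in EXTENDED_ACL makes the HTTPS packet hit the deny first, which is the practical reason the notes stress top-down processing: ordering is part of the policy, not just presentation.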
2. NAT & Network Automation
NAT (Network Address Translation)
- Static NAT – one-to-one mapping of private to public IP; used for servers.
- Dynamic NAT – maps private IPs to a pool of public IPs; no port translation.
- PAT / NAT Overload – many-to-one; maps multiple private IPs to a single public IP using unique port numbers. Most common – used in home routers.
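To make the difference between the NAT variants concrete, here is an added Python simulation (my own illustration, not from the original notes) of the translation tables a router keeps: a dynamic NAT pool that hands out one public IP per inside host and runs out when the pool is exhausted, and a PAT/overload table that maps every inside (IP, port) pair to the single public IP plus a unique public port, and uses that port to route replies back. Addresses are constructed from the RFC 1918 and RFC 5737 documentation ranges; class and method names are assumptions.

```python
import itertools


class DynamicNat:
    """Dynamic NAT: inside addresses borrow a public IP from a pool, one-to-one, no port change."""

    def __init__(self, pool):
        self.free = list(pool)       # unused public addresses
        self.table = {}              # inside ip -> public ip

    def translate(self, inside_ip):
        """Return the public IP for an inside host, or None when the pool is exhausted."""
        if inside_ip in self.table:
            return self.table[inside_ip]
        if not self.free:
            return None              # a real router drops the packet here
        self.table[inside_ip] = self.free.pop(0)
        return self.table[inside_ip]

    def release(self, inside_ip):
        """Tear down a translation and return its public IP to the pool."""
        self.free.append(self.table.pop(inside_ip))


class PatTranslator:
    """PAT / NAT overload: many inside (ip, port) pairs share one public IP, told apart by port."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = itertools.count(first_port)   # unique public port per flow
        self.inside_to_outside = {}                    # (inside ip, inside port) -> (public ip, public port)
        self.outside_to_inside = {}                    # public port -> (inside ip, inside port)

    def outbound(self, inside_ip, inside_port):
        """Translate an outgoing flow, creating a table entry the first time it is seen."""
        key = (inside_ip, inside_port)
        if key not in self.inside_to_outside:
            public_port = next(self.next_port)
            self.inside_to_outside[key] = (self.public_ip, public_port)
            self.outside_to_inside[public_port] = key
        return self.inside_to_outside[key]

    def inbound(self, public_port):
        """Map a reply on a public port back to the inside host; None means no flow exists."""
        return self.outside_to_inside.get(public_port)


if __name__ == "__main__":
    dyn = DynamicNat(["203.0.113.10", "203.0.113.11"])
    print(dyn.translate("192.168.1.10"), dyn.translate("192.168.1.11"), dyn.translate("192.168.1.12"))
    pat = PatTranslator("203.0.113.5")
    print(pat.outbound("192.168.1.10", 50000), pat.outbound("192.168.1.11", 50000))
    print(pat.inbound(1025), pat.inbound(4000))
```

The inbound() lookup is why unsolicited traffic from the outside never reaches a PAT-hidden host: without a prior outbound flow there is no table entry, so the router has nowhere to forward it.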
Network Automation & Programmability
Modern networks use automation to improve consistency and reduce human error. Key concepts:
- SDN (Software-Defined Networking) – separates the control plane from the data plane. A centralised controller manages the network.
- REST APIs – HTTP-based APIs used by network controllers (e.g., Cisco DNA Center) to communicate with devices. Use JSON or XML data formats.
- Ansible – agentless automation tool; uses YAML playbooks; ideal for network configuration management.
- Python – widely used for network automation scripts; libraries: Netmiko, NAPALM, pyATS.