{"id":3100,"date":"2020-07-30T01:07:12","date_gmt":"2020-07-30T01:07:12","guid":{"rendered":"https:\/\/wiki.thomasandsofia.com\/?p=3100"},"modified":"2020-08-11T11:31:32","modified_gmt":"2020-08-11T11:31:32","slug":"section-24-acls-access-control-lists","status":"publish","type":"post","link":"https:\/\/wiki.thomasandsofia.com\/?p=3100","title":{"rendered":"Section 24: ACLs &#8211; Access Control Lists"},"content":{"rendered":"<h1>153. Introduction<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677024#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677024#content<\/a><\/p>\n<p>&nbsp;<\/p>\n<h1>154. Access Control Lists Overview<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677036#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677036#content<\/a><\/p>\n<h2>Access Control Lists<\/h2>\n<ul>\n<li>An ACL identifies traffic based on characteristics of the packet, such as source IP, destination IP and port number<\/li>\n<li>The router or switch can take an action based on the result of the ACL<\/li>\n<li>ACLs are supported on both routers and switches (R\/S).<\/li>\n<\/ul>\n<h2>ACLs for Security<\/h2>\n<ul>\n<li>The original use of ACLs was as a security feature to decide whether traffic should be allowed to pass through the R\/S<\/li>\n<li>By default, an R\/S will allow all traffic to pass between its interfaces<\/li>\n<li>When ACLs are applied, the R\/S identifies the traffic and then decides if it will be allowed or not.<\/li>\n<\/ul>\n<h2>Other Uses<\/h2>\n<ul>\n<li>ACLs are also used in other software policies when traffic has to be identified.\n<ul>\n<li>Identify traffic to give better service to in a QoS 
Quality of Service policy<\/li>\n<li>Identify traffic to translate to a different IP address in a NAT Network Address Translation policy.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>ACE Access Control Entries<\/h2>\n<ul>\n<li>Access Control Lists are made up of Access Control Entries, which are a series of permit or deny rules<\/li>\n<li>Each ACE is written in a separate line<\/li>\n<\/ul>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/ACL-Syntax.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3106\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/ACL-Syntax.png\" alt=\"\" width=\"1004\" height=\"120\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/ACL-Syntax.png 1004w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/ACL-Syntax-300x36.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/ACL-Syntax-768x92.png 768w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/ACL-Syntax-150x18.png 150w\" sizes=\"auto, (max-width: 1004px) 100vw, 1004px\" \/><\/a><\/p>\n<pre>access-list Number Action Protocol SourceIP SourceWildCard SourceQualifier SourcePort DestIP DestWildCard DestQualifier DestPort<\/pre>\n<ul>\n<li>The ACL is a series of these commands that form the list.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/ACL-Example.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3107\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/ACL-Example.png\" alt=\"\" width=\"945\" height=\"249\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/ACL-Example.png 945w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/ACL-Example-300x79.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/ACL-Example-768x202.png 768w, 
https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/ACL-Example-150x40.png 150w\" sizes=\"auto, (max-width: 945px) 100vw, 945px\" \/><\/a><\/p>\n<p>Note:<\/p>\n<ul>\n<li>Starting with Windows 7, outgoing port numbers start with 49152<\/li>\n<li>Previous versions started with 1024<\/li>\n<\/ul>\n<h1>155. Standard, Extended and Named ACLs<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677042#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677042#content<\/a><\/p>\n<p>Standard vs Extended ACLs<\/p>\n<ul>\n<li>IP standard access list: 1 &#8211; 99<\/li>\n<li>IP extended access list: 100 &#8211; 199<\/li>\n<li>IP standard access list (expanded range): 1300 &#8211; 1999<\/li>\n<li>IP extended access list (expanded range): 2000 &#8211; 2699<\/li>\n<li>! Truncated!<\/li>\n<\/ul>\n<h2>Standard vs Extended<\/h2>\n<ul>\n<li>Standard ACLs only list the source IP address<\/li>\n<li>Extended ACLs also include\n<ul>\n<li>Protocol (TCP\/UDP\/ICMP&#8230;)<\/li>\n<li>Destination address<\/li>\n<li>Port number<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Standard Example<\/h2>\n<pre>r1(config)# access-list 1 deny 10.10.10.10 0.0.0.0\r\nr1(config)# access-list 1 permit 10.10.10.0 0.0.0.255<\/pre>\n<ul>\n<li>The default wildcard mask for a Standard ACL is 0.0.0.0, meaning an individual host address\n<ul>\n<li>access-list 1 deny 10.10.10.10\n<ul>\n<li>This is the same as &#8216;access-list 1 deny 10.10.10.10 0.0.0.0&#8217;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Do not forget to enter the wildcard when allowing\/blocking an IP subnet\n<ul>\n<li>access-list 1 deny 10.10.10.0 0.0.0.255<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Extended ACL Examples<\/h2>\n<ul>\n<li>Extended ACLs DO NOT have a default wildcard mask!<\/li>\n<\/ul>\n<pre>r1(config)# access-list 100 deny tcp 10.10.10.10 0.0.0.0 gt 49151 10.10.50.10 0.0.0.0 eq 23\r\nr1(config)# access-list 100 permit tcp 10.10.10.0 0.0.0.255 gt 49151 
10.10.50.10 0.0.0.0 eq telnet<\/pre>\n<h2>Named Access Lists<\/h2>\n<ul>\n<li>Access Control Lists referenced by name start with `ip`<\/li>\n<\/ul>\n<pre>r1(config)# ip access-list &lt;standard|extended&gt; MyAclName\r\nr1(config-extended-nacl)# permit 10.10.10.0 0.0.0.255<\/pre>\n<p>&nbsp;<\/p>\n<h1>156. ACL Syntax<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677048#content\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677048#content<\/a><\/p>\n<h2>Standard<\/h2>\n<pre>r1(config)# access-list 1 ?\r\n  deny    Specify packets to reject\r\n  permit  Specify packets to forward\r\n  remark  Access list entry comment<\/pre>\n<p>&nbsp;<\/p>\n<h2>Extended<\/h2>\n<pre>r1(config)# access-list 100 ?\r\n  deny     Specify packets to reject\r\n  dynamic  Specify a DYNAMIC list of PERMITs or DENYs\r\n  permit   Specify packets to forward\r\n  remark   Access list entry comment\r\n\r\nr1-dhcp(config)#access-list 100 permit ?\r\n  &lt;0-255&gt;       An IP protocol number\r\n  ahp           Authentication Header Protocol\r\n  eigrp         Cisco's EIGRP routing protocol\r\n  esp           Encapsulation Security Payload\r\n  gre           Cisco's GRE tunneling\r\n  icmp          Internet Control Message Protocol\r\n  igmp          Internet Gateway Message Protocol\r\n  ip            Any Internet Protocol\r\n  ipinip        IP in IP tunneling\r\n  nos           KA9Q NOS compatible IP over IP tunneling\r\n  object-group  Service object group\r\n  ospf          OSPF routing protocol\r\n  pcp           Payload Compression Protocol\r\n  pim           Protocol Independent Multicast\r\n  sctp          Stream Control Transmission Protocol\r\n  tcp           Transmission Control Protocol\r\n  udp           User Datagram Protocol\r\n\r\nr1-dhcp(config)#access-list 100 permit tcp ?\r\n  A.B.C.D       Source address\r\n  any           Any source host\r\n  host          A single source host\r\n  
object-group  Source network object group<\/pre>\n<h2>ACL Definitions<\/h2>\n<h3>Protocols<\/h3>\n<ul>\n<li>TCP &amp; UDP\n<ul>\n<li>You can use a specific port to restrict a specific application<\/li>\n<\/ul>\n<\/li>\n<li>IP &#8211; All traffic. Includes UDP, TCP, ICMP, Network Discovery, Routing Information, etc.<\/li>\n<\/ul>\n<h3>Sources and Destinations<\/h3>\n<ul>\n<li>Wildcards\n<ul>\n<li>0.0.0.0 = 255.255.255.255 subnet mask &#8211; aka, a specific IP address \/ host\n<ul>\n<li>host IP.ADD.RE.SS = IP.ADD.RE.SS 0.0.0.0<\/li>\n<\/ul>\n<\/li>\n<li>any\n<ul>\n<li>any = 0.0.0.0 255.255.255.255<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Port Numbers<\/h3>\n<h4>Source<\/h4>\n<ul>\n<li>any: Match all ports (this is the default if not listed)<\/li>\n<li>eq X: Port is exactly &#8216;X&#8217;<\/li>\n<li>gt\/lt X: Match packets with a port greater than \/ less than &#8216;X&#8217;<\/li>\n<li>range: Match ports within the range specified<\/li>\n<li>neq X: Not Equal. Port does not match &#8216;X&#8217;<\/li>\n<\/ul>\n<h4>Destination<\/h4>\n<p>Destination ports have well-known port numbers built in.<\/p>\n<ul>\n<li>eq www, eq telnet, eq dns, etc.<\/li>\n<\/ul>\n<h2>Logging<\/h2>\n<ul>\n<li>To log packets that match an ACL rule, suffix the rule with the keyword &#8216;log&#8217;<\/li>\n<li>Logging is for an external server or something &#8211; <span style=\"color: #ff0000;\"><strong>INCOMPLETE<\/strong><\/span><\/li>\n<\/ul>\n<pre>access-list 100 deny tcp host 10.10.10.10 10.10.20.0 0.0.0.255 eq ssh log LOG-NAME?<\/pre>\n<h2>Troubleshooting<\/h2>\n<p>show access-lists<\/p>\n<ul>\n<li>This command also shows how many packets matched each rule.\n<ul>\n<li>A &#8216;match&#8217; means the traffic was permitted or denied according to the rule.<\/li>\n<li>If you are expecting traffic to flow, but you do not see the count incrementing, it is likely being blocked\/prevented somewhere else. (connectivity? 
switchport down?)\n<ul>\n<li>The &#8216;log&#8217; keyword is NOT required for these counters.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<pre>#show access-list\r\n#show access-list 100\r\nExtended IP access list 100\r\ndeny tcp host 10.10.10.10 10.10.20.0 0.0.0.0 eq ssh (13 match(es))<\/pre>\n<p>&nbsp;<\/p>\n<h1>157. ACL Operations<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677060#overview\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677060#overview<\/a><\/p>\n<ul>\n<li>ACLs are applied at the interface level with the access-group command<\/li>\n<li>ACLs can be applied in the inbound or outbound direction<\/li>\n<li>You can have a maximum of one ACL per interface per direction<\/li>\n<li>You can have both an inbound and an outbound ACL on the same interface\n<ul>\n<li>You cannot have two ACLs in the same direction (both inbound or both outbound) on one interface<\/li>\n<\/ul>\n<\/li>\n<li>An interface can have\n<ul>\n<li>No ACLs<\/li>\n<li>1 Inbound<\/li>\n<li>1 Outbound<\/li>\n<li>1 Inbound and 1 Outbound<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Access Group Configuration<\/h2>\n<pre>r1(config)# interface f0\/1\r\nr1(config-if)# ip access-group 100 out\r\nr1(config-if)# ip access-group 101 in<\/pre>\n<h2>ACL Show Commands<\/h2>\n<pre>show running-config\r\nshow ip interface f0\/1 | include access list\r\nshow access-lists\r\nshow access-lists 110<\/pre>\n<h2><strong>Access Control Entry Order<br \/>\n<\/strong><\/h2>\n<ul>\n<li>The order of rules is important!<\/li>\n<li>ACLs are read from top to bottom<\/li>\n<li>As soon as a rule matches the packet, the permit or deny action is applied and the ACL is not processed any further.<\/li>\n<\/ul>\n<p><strong>Example: Deny 10.10.10.10 but permit the rest of 10.10.10.0\/24<\/strong><\/p>\n<pre>access-list 1 deny host 10.10.10.10\r\naccess-list 1 permit 10.10.10.0 0.0.0.255<\/pre>\n<p><strong>Example: Permit all 10.10.10.0\/24 including 10.10.10.10<br 
\/>\n<\/strong><\/p>\n<pre>access-list 1 permit 10.10.10.0 0.0.0.255\r\naccess-list 1 deny 10.10.10.10<\/pre>\n<p><strong>ACE (Access Control Entry) sequence numbers are automatically incremented by 10<\/strong><\/p>\n<pre>show access-lists 110\r\nExtended IP access list 110\r\n  10 deny tcp host 10.10.10.10 host 10.10.50.10 eq telnet\r\n  20 permit tcp 10.10.10.0 0.0.0.255 host 10.10.50.10 eq telnet\r\n  30 deny tcp host 10.10.20.10 host 10.10.50.10 eq telnet\r\n  40 permit tcp 10.20.10.0 0.0.0.255 host 10.10.50.10 eq telnet<\/pre>\n<p><strong>Inserting ACEs requires using the Named ACL convention<\/strong><\/p>\n<ul>\n<li>This was originally only allowed on named ACLs, but now works on numbered ACLs as well<\/li>\n<\/ul>\n<pre>(config)# ip access-list extended 110\r\n(config-ext-nacl)# 15 deny tcp host 10.10.10.11 host 10.10.50.10 eq telnet\r\n(config-ext-nacl)# end\r\nshow access-lists 110\r\nExtended IP access list 110\r\n10 deny tcp host 10.10.10.10 host 10.10.50.10 eq telnet\r\n15 deny tcp host 10.10.10.11 host 10.10.50.10 eq telnet\r\n20 permit tcp 10.10.10.0 0.0.0.255 host 10.10.50.10 eq telnet\r\n30 deny tcp host 10.10.20.10 host 10.10.50.10 eq telnet\r\n40 permit tcp 10.20.10.0 0.0.0.255 host 10.10.50.10 eq telnet<\/pre>\n<h2>Implicit Deny All<\/h2>\n<ul>\n<li>There is an implicit &#8216;deny any any&#8217; rule at the bottom of ACLs<\/li>\n<li>If an ACL is not applied to an interface, all traffic is allowed.<\/li>\n<li>If an ACL is applied, all traffic is denied except what is explicitly allowed.<\/li>\n<\/ul>\n<p><strong>Example: Traffic from 10.10.10.0\/24 is allowed, all other traffic is denied.<\/strong><\/p>\n<pre>access-list 1 permit 10.10.10.0 0.0.0.255<\/pre>\n<h2>Explicit Permit All<\/h2>\n<ul>\n<li>You can override the implicit &#8216;Deny All&#8217; by adding a Permit All line at the end of the ACL.<\/li>\n<\/ul>\n<pre>access-list 1 deny 10.10.10.0 0.0.0.255\r\naccess-list 1 permit any<\/pre>\n<h2>Traffic Sourced from Router<\/h2>\n<ul>\n<li>ACLs applied to an interface DO 
NOT apply to traffic that originates from the router itself.<\/li>\n<li>The hosts in the 10.1.1.0\/24 subnet cannot telnet to R2<\/li>\n<li>An Admin can telnet to R2 from the CLI on R1<\/li>\n<\/ul>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/routertraffic.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3116\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/routertraffic.png\" alt=\"\" width=\"737\" height=\"235\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/routertraffic.png 737w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/routertraffic-300x96.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/routertraffic-150x48.png 150w\" sizes=\"auto, (max-width: 737px) 100vw, 737px\" \/><\/a><\/p>\n<pre>(config)# access-list 100 deny tcp any any eq telnet\r\n(config)# int f1\/0\r\n(config-int)# ip access-group 100 out<\/pre>\n<p>&nbsp;<\/p>\n<h1>158. 
Numbered ACLs Lab Demo<\/h1>\n<p><a href=\"https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677054#overview\" target=\"_blank\" rel=\"noopener\">https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677054#overview<\/a><\/p>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/acllab1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3120\" src=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/acllab1.png\" alt=\"\" width=\"594\" height=\"405\" srcset=\"https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/acllab1.png 594w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/acllab1-300x205.png 300w, https:\/\/wiki.thomasandsofia.com\/wp-content\/uploads\/2020\/07\/acllab1-150x102.png 150w\" sizes=\"auto, (max-width: 594px) 100vw, 594px\" \/><\/a><\/p>\n<h2>Initial Setup<\/h2>\n<ul>\n<li>All PCs have connectivity everywhere.<\/li>\n<li>My lab has an additional 10.1.0.2\/24 on R2 F0\/1<\/li>\n<\/ul>\n<pre>R1# show ip route\r\n\u00a0    10.0.0.0\/8 is variably subnetted, 4 subnets, 2 masks\r\nC       10.0.2.0\/24 is directly connected, FastEthernet1\/0\/21\r\nC       10.0.0.0\/24 is directly connected, FastEthernet1\/0\/1\r\nS       10.1.0.0\/16 [1\/0] via 10.0.0.2\r\nC       10.0.1.0\/24 is directly connected, FastEthernet1\/0\/11<\/pre>\n<h2>Example 1: PCs in 10.0.2.0\/24 should not have connectivity to R2<\/h2>\n<p><strong>Using a standard ACL<\/strong><\/p>\n<pre>R1(config)# access-list 21 deny 10.0.2.0 0.0.0.255\r\nR1(config)# access-list 21 permit 10.0.1.0 0.0.0.255\r\nR1(config)# int f1\/0\/1\r\nR1(config-if)# ip access-group 21 out<\/pre>\n<p><strong>Test<\/strong><\/p>\n<pre>PC3$ ping 10.0.0.2\r\nPING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.\r\nFrom 10.0.2.1 icmp_seq=1 Packet filtered\r\nFrom 10.0.2.1 icmp_seq=2 Packet filtered\r\nFrom 10.0.2.1 icmp_seq=3 Packet filtered\r\n\r\nPC1$ ping 10.0.0.2\r\nPING 10.0.0.2 (10.0.0.2) 56(84) bytes of 
data.\r\n64 bytes from 10.0.0.2: icmp_seq=1 ttl=254 time=1.13 ms\r\n64 bytes from 10.0.0.2: icmp_seq=2 ttl=254 time=1.10 ms\r\n64 bytes from 10.0.0.2: icmp_seq=3 ttl=254 time=1.10 ms<\/pre>\n<h2>You Were Here ~8:00<\/h2>\n<h2>Example 2: Permit telnet from PC1 to R2.\u00a0 All others denied.<\/h2>\n<pre>R1(config)# access-list 100 permit tcp host 10.0.1.10 host 10.0.0.2 eq telnet\r\nR1(config)# access-list 100 deny tcp any host 10.0.0.2 eq telnet\r\nR1(config)# access-list 100 permit ip any any\r\nR1(config)# int f1\/0\/1\r\nR1(config-if)#ip access-group 100 ou<\/pre>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h1>159. Named ACLs Lab Demo<\/h1>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h1>160. Packet Filters vs. Stateful Firewalls<\/h1>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h1>161. Access Control Lists Configuration &#8211; Lab Exercise<\/h1>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&lt; Section 23 | Home | Section 25 &gt; 76% Complete! 153. Introduction https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677024#content &nbsp; 154. 
Access Control Lists Overview https:\/\/www.udemy.com\/course\/cisco-icnd1\/learn\/lecture\/8677036#content Access Control Lists Identifies traffic based on characteristics of the packet, such as source IP, Dest IP, port number The router or switch can take an action based on the result of the ACL ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.thomasandsofia.com\/?p=3100\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45],"tags":[],"class_list":["post-3100","post","type-post","status-publish","format-standard","hentry","category-icnd1-ccent"],"_links":{"self":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/3100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3100"}],"version-history":[{"count":13,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/3100\/revisions"}],"predecessor-version":[{"id":3123,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=\/wp\/v2\/posts\/3100\/revisions\/3123"}],"wp:attachment":[{"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.thomasandsofia.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&pos
t=3100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}