ACL's Overview.pdf - Access Control Lists Overview and...


Access Control Lists: Overview and Guidelines

Cisco provides basic traffic filtering capabilities with access control lists (also referred to as access lists). Access lists can be configured for all routed network protocols (IP, AppleTalk, and so on) to filter those protocols’ packets as the packets pass through a router.

You can configure access lists at your router to control access to a network: access lists can prevent certain traffic from entering or exiting a network.

In This Chapter

This chapter describes access lists as part of a security solution. This chapter includes tips, cautions, considerations, recommendations, and general guidelines for how to use access lists.

This chapter has these sections:

  • About Access Control Lists
  • Overview of Access List Configuration
  • Creating Access Lists
  • Applying Access Lists to Interfaces
  • Find Complete Configuration and Command Information for Access Lists

About Access Control Lists

This section briefly describes what access lists do; why and when you should configure access lists; and basic vs. advanced access lists.

What Access Lists Do

Access lists filter network traffic by controlling whether routed packets are forwarded or blocked at the router’s interfaces. Your router examines each packet to determine whether to forward or drop the packet, based on the criteria you specified within the access lists. Access list criteria could be the source address of the traffic, the destination address of the traffic, the upper-layer protocol, or other information.

Note that sophisticated users can sometimes successfully evade or fool basic access lists because no authentication is required.

Security Configuration Guide

Why You Should Configure Access Lists

There are many reasons to configure access lists—for example, you can use access lists to restrict contents of routing updates, or to provide traffic flow control. But one of the most important reasons to configure access lists is to provide security for your network; this is the reason focused on in this chapter.

You should use access lists to provide a basic level of security for accessing your network. If you do not configure access lists on your router, all packets passing through the router could be allowed onto all parts of your network.

For example, access lists can allow one host to access a part of your network, and prevent another host from accessing the same area. In Figure 6, Host A is allowed to access the Human Resources network and Host B is prevented from accessing the Human Resources network.

Figure 6: Using Traffic Filters to Prevent Traffic from Being Routed to a Network

You can also use access lists to decide which types of traffic are forwarded or blocked at the router interfaces. For example, you can permit e-mail traffic to be routed, but at the same time block all Telnet traffic.
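The two filtering examples above (Host A and Host B reaching the Human Resources network, and e-mail permitted while Telnet is blocked) can be modelled in a few lines. This is an added Python sketch, not Cisco IOS code and not part of the original chapter; all addresses are constructed, the names `Packet`, `Entry` and `filter_packet` are hypothetical, and the first-match ordering with a closing implicit deny reflects how IOS access lists behave rather than anything stated in the excerpt.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample values (documentation address ranges), not from the chapter.
HOST_A, HOST_B = "192.0.2.10", "192.0.2.20"
HR_NET = "198.51.100.0/24"
SMTP, TELNET = 25, 23

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str                     # upper-layer protocol, e.g. "tcp"
    dst_port: Optional[int] = None

@dataclass(frozen=True)
class Entry:
    action: str                       # "permit" or "deny"
    src: str = "0.0.0.0/0"            # default matches any source
    dst: str = "0.0.0.0/0"            # default matches any destination
    protocol: Optional[str] = None    # None matches any protocol
    dst_port: Optional[int] = None    # None matches any port

    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.protocol in (None, p.protocol)
                and self.dst_port in (None, p.dst_port))

def filter_packet(acl, packet):
    """Check entries in order; the first match decides. No match means drop."""
    for entry in acl:
        if entry.matches(packet):
            return "forward" if entry.action == "permit" else "drop"
    return "drop"                     # implicit deny at the end of every list

# Figure 6 scenario: Host A may reach Human Resources, Host B may not.
HR_ACL = [Entry("permit", src=HOST_A, dst=HR_NET),
          Entry("deny", src=HOST_B, dst=HR_NET)]
# Traffic-type scenario: e-mail (SMTP) is routed, Telnet is blocked.
SERVICE_ACL = [Entry("deny", protocol="tcp", dst_port=TELNET),
               Entry("permit", protocol="tcp", dst_port=SMTP)]

if __name__ == "__main__":
    for host in (HOST_A, HOST_B):
        pkt = Packet(host, "198.51.100.5", "tcp", 80)
        print(host, "->", filter_packet(HR_ACL, pkt))
    for port in (SMTP, TELNET):
        pkt = Packet(HOST_A, "203.0.113.7", "tcp", port)
        print("port", port, "->", filter_packet(SERVICE_ACL, pkt))
```

The decision rests only on header fields carried in the packet, which is why the chapter describes this as a basic level of security with no authentication behind it.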