Access list - Using Access Control Lists Access Control...

Using Access Control Lists
Access Control Lists
- used to implement security in routers
- powerful tool for network control
- filter packet flow in or out of router interfaces
- restrict network use by certain users or devices
- deny or permit traffic

Rules Followed When Traffic Is Compared To An ACL
- Is done in sequential order: line 1, line 2, line 3, etc.
- Is compared with the access list until a match is made; then NO further comparisons are made
- There is an implicit “deny all” at the end of each access list; if a packet does not match in the access list, it will be discarded

Using Access Control Lists
Standard IP Access Lists (1 - 99)
- simpler address specifications
- generally permits or denies entire protocol suite
Extended IP Access Lists (100 - 199)
- more complex address specification
- generally permits or denies specific protocols

Beyond the Limit of ACL Numbers
Cisco has expanded the ranges for both.
- Standard ACLs (1300-1999)
- Extended ACLs (2000-2699)
Note: These ACLs work just like the 1-99 and 100-199 ranges.
Of course, that may not be enough for all your access control needs, so the IOS provides for named ACLs.
Benefits
- No limit on the number of ACLs you can configure
- Can use the no permit or no deny to remove individual statements

Access Control List Syntax
Standard IP Access List Configuration Syntax
    access-list access-list-number {permit | deny} source {source-mask}
    ip access-group access-list-number {in | out}
Extended IP Access List Configuration Syntax
    access-list access-list-number {permit | deny} protocol source {source-mask} destination {destination-mask}
    ip access-group access-list-number {in | out}
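The comparison rules and the standard access-list syntax above, worked through as an added example (not part of the original slides): a small evaluator that applies first-match and the implicit deny, and flags statements that can never match because an earlier line already covers them. It assumes source-mask is an IOS wildcard mask (0 bits must match, 1 bits are ignored) and that an omitted mask means a single host; the addresses and function names are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_acl(text):
    """Parse 'access-list N {permit|deny} source [source-mask]' lines, keeping order."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL statement: {line!r}")
        src = int(ipaddress.IPv4Address(tok[3]))
        # Assumption: a missing mask is treated as 0.0.0.0 (match one host exactly).
        wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        rules.append((tok[2], src, wild))
    return rules

def evaluate(rules, packet_src):
    """Return (action, line); line is None when the implicit deny decided."""
    addr = int(ipaddress.IPv4Address(packet_src))
    for line, (action, src, wild) in enumerate(rules, 1):
        # Only bits that are 0 in the wildcard mask are compared.
        if ((addr ^ src) & ~wild & FULL) == 0:
            return action, line        # first match wins, stop comparing
    return "deny", None                # implicit "deny all" at the end

def shadowed(rules):
    """Lines that can never match because an earlier line covers every address they name."""
    dead = []
    for j, (_, src_j, wild_j) in enumerate(rules):
        for _, src_i, wild_i in rules[:j]:
            ignores_more = (wild_j & ~wild_i & FULL) == 0
            same_prefix = ((src_i ^ src_j) & ~wild_i & FULL) == 0
            if ignores_more and same_prefix:
                dead.append(j + 1)
                break
    return dead

# Constructed sample lists: the same two statements in different order.
BAD_ORDER = """
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny 192.168.1.50
"""
GOOD_ORDER = """
access-list 10 deny 192.168.1.50
access-list 10 permit 192.168.1.0 0.0.0.255
"""
```

With BAD_ORDER the host deny on line 2 is never reached, so 192.168.1.50 is permitted by line 1; with GOOD_ORDER it is denied, and any source outside 192.168.1.0/24 falls through to the implicit deny.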

Where To Place Access Control Lists
- Place standard IP access lists close to the destination
- Place extended IP access lists close to the source of the traffic you want to manage

This note was uploaded on 06/13/2010 for the course CITX CITX 1150 taught by Professor P.whalen during the Fall '09 term at British Columbia Institute of Technology.
