Lab 29: Configuring Access Lists, Named Access Lists, and EIGRP Route Filters-Part I


Chapter 14. Understanding IP Access Lists

In many modern networks, there eventually comes a point when full IP reachability is no longer desirable. The reasons can range from security concerns to political ones, such as the merging of two companies that have the same IP address space assigned. Sooner or later, the request will come, "Can we just allow ?", and you will be forced to deal with access lists.

Controlling routing updates, traffic paths, and protocols can be one of the more challenging aspects of router configuration. Writing access lists depends on understanding binary math and how it relates to the access list. Writing traffic filters depends on understanding the characteristics of the protocol that you are trying to filter.

This chapter covers access lists in general and explains why binary arithmetic is important. It also covers the different types of IP access lists: standard, extended, dynamic, and named.

NOTE

Understanding the way a protocol works is key to writing a filter for it. When writing a filter for an IP protocol, you must know what port a client uses to initiate a connection to a server. You also must know the port number on which the server sends data to the client because the two might not be the same. As you will see later in this section, FTP is a good example of a protocol that sends data on a different port than the port on which the session is initiated. If you're having problems writing specific IP traffic filters, consult a reference such as Richard Stevens' TCP/IP Illustrated or Douglas Comer's Internetworking with TCP/IP for more details on how that specific protocol might be operating.
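The following is an added example, not taken from the book. It models a first-match filter with wildcard-mask matching to show why permitting only the FTP control port leaves the data channel blocked. The addresses, client ports, and rule sets are constructed, and active-mode FTP (control on port 21, server data from port 20) is assumed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Wildcard mask logic: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # invert the mask to get the bits that are compared
    return (a & care) == (b & care)

def port_ok(rule_port, port):
    """A rule port of None means any port."""
    return rule_port is None or rule_port == port

def evaluate(acl, packet):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    src, sport, dst, dport = packet
    for action, (s_base, s_wc, s_port), (d_base, d_wc, d_port) in acl:
        if (wildcard_match(src, s_base, s_wc) and port_ok(s_port, sport)
                and wildcard_match(dst, d_base, d_wc) and port_ok(d_port, dport)):
            return action
    return "deny"

# Constructed addressing: a /24 of clients and a single FTP server.
CLIENTS = ("10.1.1.0", "0.0.0.255")
SERVER = ("192.0.2.10", "0.0.0.0")

# Filter that only accounts for the port the client connects to.
CONTROL_ONLY = [
    ("permit", (*CLIENTS, None), (*SERVER, 21)),   # client to server, control
    ("permit", (*SERVER, 21), (*CLIENTS, None)),   # server replies on control
]
# Same filter, extended for the port the server sends data from.
WITH_DATA = CONTROL_ONLY + [
    ("permit", (*SERVER, 20), (*CLIENTS, None)),   # server-initiated data channel
    ("permit", (*CLIENTS, None), (*SERVER, 20)),   # client acknowledgements
]

# Constructed packets: (source, source port, destination, destination port).
control = ("10.1.1.25", 40001, "192.0.2.10", 21)
data = ("192.0.2.10", 20, "10.1.1.25", 40002)

if __name__ == "__main__":
    for name, acl in (("control only", CONTROL_ONLY), ("with data", WITH_DATA)):
        print(name, "control:", evaluate(acl, control), "data:", evaluate(acl, data))
```
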




CCIE Practical Studies, Volume I
ISBN: 1587200023
EAN: 2147483647
Year: 2001
Pages: 283
Authors: Karl Solie
