Cisco Access Lists


You can use ACLs to provide packet filtering at the router level. You can use ACLs extensively at a firewall to protect your internal network from the outside world. This section outlines the different types of ACLs that are available to you and the rules (we prefer the word guidelines ) for creating ACLs. A wide variety of ACLs can be leveraged to provide additional layers of security on your network. We talk about a few types of access lists.

graphics/alert_icon.gif

When building ACLs, note that there is an implicit deny statement at the end of the access list.


Standard

Standard ACLs filter traffic based on the network only, and they are not as granular as the extended ACLs. Standard IP access lists range from 1 to 99.

Extended

Extended access lists are more granular and can be used to provide filtering based upon source and destination IP addresses, TCP/UDP ports, and protocols. Extended access lists range from 100 to 199.

You can apply ACLs in two directions:

  • Inbound ” Inbound ACLs are subjected to all traffic coming into the router through an interface.

  • Outbound ” Outbound ACLs are subjected to all traffic leaving the router's interface.

graphics/alert_icon.gif

ACLs are applied on the router at interface level and not at global level. ACLs are created at global level.


Starting with IOS version 12.0(6)S and higher, you can compile access lists on certain Cisco routers. This concept is called Turbo ACLs . Turbo ACL compiles the access list into lookup tables. Packet headers are used to access these lookup tables in small and fixed numbers of lookups. Note that this command was introduced with the high-end Cisco routers, namely the Cisco 7200 series.

Another way of securing Cisco routers is via context-based access control (CBAC). CBAC examines packets as they enter or leave the router's interfaces. This process also determines what application protocol to allow. CBAC was introduced in version 12.0T.



CCSP SECUR Exam Cram 2
CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
EAN: N/A
Year: 2003
Pages: 291
Authors: Raman Sud

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net