The Cisco ACL is one of the most available packet filters found today. The means by which a Cisco router filters packets is known as an access control list (ACL). An ACL serves as a laundry list of things for the router to look at in the packet header, to decide whether the packet should be permitted or denied access to a network segment. This is the basis of the traffic-control features of a Cisco router.
Routers are a convenient choice for network filtering because they are already a part of your network's infrastructure. One is located at your network's furthermost edge as well as at the intersections of all your network segments. If you want to keep something out of a network segment, the furthermost point is the best place to screen it. This section covers the basic syntax and usage of the Cisco ACL and its environment, the Cisco IOS. All examples in this chapter are illustrated through the use of Cisco ACLs (IOS version 12.1 or greater), although the theories demonstrated can be applied to any packet-filtering system.