CCNA Certification/Security

Acknowledgements — Introduction — The OSI Model — Application Layer — Transport Layer — Network Layer — Addressing — Routing Protocols — Data Link Layer — Switching — Physical Layer — Router Operation — Advanced Addressing Topics — Advanced Routing Topics — Advanced Switching Topics — Security — WAN — Configuration — Conclusion — References — About the Exam — Cisco Router Commands — Quick Reference Sheet

Security

Managing IP traffic with Access Lists

Access list (ACL) is a sequence of rules that inform the cisco router which network packets it should block and which it should route normaly. By itself, an ACL has no effect on the routing process. In order to take effect, one should apply the ACL to one or more interfaces on the router. Moreover, one should specify whether the rule is applies to incoming or outgoing network traffic.

IPv4 Standard ACLs

Standard ACLs filter IP packets based on their destination only.The access-list command syntax is:

Router(config)# access-list {1-99} {permit | deny} source-addr [source-mask]

IPv4 Extended ACLs

Extended ACLs can filter packets based on protocol type, source and destination addresses, and port numbers.

IPv6 ACLs

One can only assign names to IPv6 ACLs (not numbers).
Compared to IPv4 standard & extended ACLs, there is only one type of IPv6 ACLs.
One should use the command traffic-filter (instead of access-group in IPv4).

References

This article is issued from Wikibooks. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.