Access List
An access list filters only traffic coming into the router or passing through it. It does not filter traffic that originates from the router itself. It is a kind of "firewall" feature: you can permit or deny traffic from or to a network or host, and you can filter on specific ports. It is usable for basic security. For complex firewall requirements, better use a real firewall, because too much filtering slows the device down: every packet has to be checked against the list, and the more rules are configured, the more work the router's CPU has to do.
There are two kinds of access lists on Cisco routers:

1. Standard ACLs
   - numbered 1-99 (and the expanded range 1300-1999)
   - filter ONLY on the SOURCE IP
   - used to permit or deny a single source IP or source network access to another network or host

2. Extended ACLs
   - numbered 100-199 (and the expanded range 2000-2699)
   - filter on source IP, destination IP, protocol and ports/applications
   - used when only traffic from a specified host or network with specified protocols and ports has to be filtered

ACLs can be identified by numbers or by names.
Handling of Access-Lists
2. Select the interface on which the access list will filter packets.

ALL the statements with the same number (or name) build ONE access list. The list is evaluated top to bottom, the first matching statement wins, and a packet that matches no statement is dropped by the implicit "deny any" at the end of every list. Bind the ACL to an interface with the command "ip access-group <acl-number> <in or out>", entered in interface configuration mode (e.g. after "interface e0").
3. Placement of ACLs

Put standard ACLs close to the destination host or network that has to be protected (they match only on the source address, so placing them near the source would also block that source's traffic to every other destination). Put extended ACLs close to the source hosts or network from which the traffic originates, so unwanted traffic is dropped before it crosses the network.
4. You can bind ONE ACL per interface, per protocol, per direction

You cannot bind more than one ACL to an interface per direction (incoming or outgoing); applying a second "ip access-group" in the same direction replaces the first binding.
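The points above (standard vs. extended syntax, wildcard masks, first-match evaluation with the implicit deny, and the one-ACL-per-interface-per-direction binding) as a small worked example. This is an added example written for this page, not router code or a Cisco tool; it parses a constructed IOS-style config for an assumed topology (server LAN 192.168.1.0/24 behind e0, client LAN 10.0.0.0/24 behind e1) and evaluates sample packets against it. Only the syntax forms used in the sample are supported (any, host A, A WILDCARD, and an optional "eq PORT" on the destination).

```python
"""Toy evaluator for Cisco-style numbered ACLs (standard and extended).

Added example, not from the original page. It models how a router applies a
numbered access list: top-to-bottom, first match wins, implicit "deny any" at
the end. Only the syntax forms in SAMPLE_CONFIG are parsed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple

# Constructed sample config (assumed topology: 192.168.1.0/24 is the protected
# server LAN behind e0, 10.0.0.0/24 is the client LAN behind e1).
SAMPLE_CONFIG = """
! standard ACL 10: which sources may reach the server LAN (bind near the destination)
access-list 10 permit 10.0.0.0 0.0.0.255
! extended ACL 110: no telnet from the client LAN to the server, everything else ok
access-list 110 deny tcp 10.0.0.0 0.0.0.255 host 192.168.1.10 eq 23
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
"""

AddrSpec = Tuple[int, int]          # (address, wildcard mask) as 32-bit ints
ANY: AddrSpec = (0, 0xFFFFFFFF)     # "any": every bit is a don't-care bit


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"               # "ip", "tcp", "udp", "icmp"
    dport: Optional[int] = None


@dataclass
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # always "ip" for standard ACLs
    src: AddrSpec
    dst: AddrSpec
    dport: Optional[int]


def _addr_spec(tokens: List[str], i: int) -> Tuple[AddrSpec, int]:
    """Parse 'any' | 'host A' | 'A WILDCARD' at tokens[i]; return (spec, next index)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (int(IPv4Address(tokens[i + 1])), 0), i + 2
    return (int(IPv4Address(tokens[i])), int(IPv4Address(tokens[i + 1]))), i + 2


def _matches(spec: AddrSpec, addr: str) -> bool:
    """Cisco wildcard mask: a 1 bit means 'don't care' (the inverse of a netmask)."""
    base, wildcard = spec
    return ((int(IPv4Address(addr)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def parse_acls(config: str) -> Dict[int, List[Rule]]:
    """Return {acl_number: [Rule, ...]} in configured order (order is significant)."""
    acls: Dict[int, List[Rule]] = {}
    for line in config.splitlines():
        t = line.split()
        if not t or t[0] != "access-list":
            continue                                     # comments ('!') and other lines
        num, action = int(t[1]), t[2]
        if 1 <= num <= 99 or 1300 <= num <= 1999:        # standard: source address only
            src, _ = _addr_spec(t, 3)
            rule = Rule(action, "ip", src, ANY, None)
        elif 100 <= num <= 199 or 2000 <= num <= 2699:   # extended: proto, src, dst, port
            proto = t[3]
            src, i = _addr_spec(t, 4)
            dst, i = _addr_spec(t, i)
            dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
            rule = Rule(action, proto, src, dst, dport)
        else:
            raise ValueError("unsupported ACL number %d" % num)
        acls.setdefault(num, []).append(rule)
    return acls


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching entry wins; if nothing matches, the implicit deny applies."""
    for r in rules:
        if r.proto != "ip" and r.proto != pkt.proto:
            continue
        if not (_matches(r.src, pkt.src) and _matches(r.dst, pkt.dst)):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action
    return "deny"                   # implicit "deny any" at the end of every ACL


def ip_access_group(bindings: Dict[Tuple[str, str], int], iface: str,
                    direction: str, num: int) -> Optional[int]:
    """Model 'ip access-group NUM in|out': one ACL per interface and direction.

    A later command for the same interface/direction replaces the earlier binding;
    the replaced ACL number (or None) is returned so the caller can see it.
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    old = bindings.get((iface, direction))
    bindings[(iface, direction)] = num
    return old


if __name__ == "__main__":
    acls = parse_acls(SAMPLE_CONFIG)
    print(evaluate(acls[10], Packet("172.16.0.1", "192.168.1.10")))          # implicit deny
    print(evaluate(acls[110], Packet("10.0.0.7", "192.168.1.10", "tcp", 23)))  # explicit deny
    print(evaluate(acls[110], Packet("10.0.0.7", "192.168.1.10", "tcp", 80)))  # permit
```

Reversing the two entries of ACL 110 (evaluate(list(reversed(acls[110])), ...)) turns the telnet deny into a permit, because the "permit ip" entry then matches first: the order of statements, not just their content, decides what the list does. Likewise binding ACL 10 and then ACL 110 to e0 outbound leaves only ACL 110 in place.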