Introduction to Access Lists

At the most basic level, an access list is no more than a list of packet filters applied to a router interface. Access lists inspect network packets based on criteria such as source address, destination address, protocols, and port numbers. The rules specified in an access list are then used to either permit or deny the traffic. For example, an access list entry might specify that traffic from network 192.168.25.0/24 should be denied. When traffic is encountered on an interface that has the access list applied, the router inspects each packet. If the source address falls within the listed range, the packet is denied and dropped.
Tip: Cisco generally recommends that access lists be implemented at the distribution layer. Although they are sometimes used at the access layer as well, it is strongly recommended that you avoid implementing access lists at the core layer, since they slow down packet forwarding rates due to the inspection process that takes place.
In order to appreciate access lists, you must keep a few key things in mind. The first is that an access list is nothing more than a series of packet filtering rules. However, this list of rules does nothing until it is applied to a router interface. That’s important to remember – first you define an access list, and then apply it to an interface. Access lists can be applied to an interface to control inbound traffic, outbound traffic, or both. After being applied to an interface, an access list can still have packet-filtering rules added to it. It’s also important to keep in mind that access lists only filter traffic that moves through a router. As such, access lists do nothing to filter traffic that remains local.
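The define-then-apply sequence described above, as an added example that is not part of the original tutorial: a standard IOS access list that denies the 192.168.25.0/24 source network from the earlier example and is then applied inbound to an interface. The list number 10 and the interface FastEthernet0/0 are assumptions chosen for illustration.

```cisco
! Added example; list number 10 and FastEthernet0/0 are assumed for illustration.
!
! Step 1: define the list in global configuration mode. On its own this
! filters nothing, because the list is not yet applied to an interface.
configure terminal
 ! Standard lists match on source address only. IOS uses a wildcard mask,
 ! so 0.0.0.255 covers the whole 192.168.25.0/24 range.
 access-list 10 deny 192.168.25.0 0.0.0.255
 ! Every list ends with an implicit "deny any"; without this line all
 ! other traffic would be dropped as well.
 access-list 10 permit any
 !
 ! Step 2: apply the list to an interface and choose a direction.
 interface FastEthernet0/0
  ip access-group 10 in
 end
!
! Verify: list contents, and which list is bound to the interface.
show access-lists 10
show ip interface FastEthernet0/0
```

The output of `show access-lists` includes a match count per entry, which is a quick way to confirm that the deny rule is actually seeing traffic once the list is applied.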
While an access list that specifies a single rule may be simple, things get a little more complex as additional rules are added. An access list can be made up of many rules, each of which specifies whether certain types of traffic should be permitted or denied. In order to completely understand how access lists filter traffic, you’ll need to understand how rules are evaluated, the different types of access lists that exist, and how access lists are applied to interfaces.
Written by Dan DiNicolo
Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.


