CCNA Certification/Security

From Wikibooks, open books for an open world
Jump to navigation Jump to search


Managing IP traffic with Access Lists[edit]

Access list (ACL) is a sequence of rules that inform the cisco router which network packets it should block and which it should route normaly. By itself, an ACL has no effect on the routing process. In order to take effect, one should apply the ACL to one or more interfaces on the router. Moreover, one should specify whether the rule is applies to incoming or outgoing network traffic.

IPv4 Standard ACLs[edit]

Standard ACLs filter IP packets based on their destination only.The access-list command syntax is:

Router(config)# access-list {1-99} {permit | deny} source-addr [source-mask]

IPv4 Extended ACLs[edit]

Extended ACLs can filter packets based on protocol type, source and destination addresses, and port numbers.

IPv6 ACLs[edit]

  • One can only assign names to IPv6 ACLs (not numbers).
  • Compared to IPv4 standard & extended ACLs, there is only one type of IPv6 ACLs.
  • One should use the command traffic-filter (instead of access-group in IPv4).