Lecture Access Control Lists: Introducing ACL Operation
This module introduces Access Control Lists (ACLs). ACLs can be used for IP packet filtering or to identify traffic in order to assign it special handling. ACLs are processed top-down and can be configured for incoming or outgoing traffic. You can create an ACL as a named or numbered ACL. Named or numbered ACLs can be configured as standard or extended ACLs, which determines what they can filter.

Access Control Lists: Introducing ACL Operation

Why Use ACLs?
Filtering: Manage IP traffic by filtering packets passing through a router.
Classification: Identify traffic for special handling.

Layer 2 of 2
Emphasize: An access list is a mechanism for identifying particular traffic. One application of an access list is for filtering traffic into or out of a router interface.

ACL Applications: Filtering
Permit or deny packets moving through the router.
Permit or deny vty access to or from the router.
Without ACLs, all packets could be transmitted to all parts of your network.
Purpose: This figure illustrates common uses for IP access lists.
Emphasize: While this chapter focuses on IP access lists, the concept of access lists as mechanisms to control traffic in a network applies to all protocols.
Note: An improved security solution is the lock-and-key access feature, which is available only with IP extended access lists. Lock-and-key access allows you to set up dynamic access lists that grant access per user to a specific source/destination host through a user authentication process. You can allow user access through a firewall dynamically, without compromising security restrictions.
Transition: The following figure is the first of a three-layer build that presents other uses of access lists specific to Cisco IOS™ features.

ACL Applications: Classification
Special handling for traffic based on packet tests.

Layer 3 of 3
Purpose: This figure is the last layer of the build for other uses of access lists.
Emphasize: Access lists are used to define input traffic for route filtering to restrict the contents of routing updates.
Transition: The following figure is a two-layer build to show the difference between inbound and outbound access lists.

Outbound ACL Operation
If no ACL statement matches, discard the packet.

Layer 3 of 3
Purpose: Shows a deny result of the access list test.
Emphasize: Now the packet is discarded into the packet discard bucket. The unwanted packet has .
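
The top-down processing and the "if no ACL statement matches, discard the packet" rule described above can be modelled in a few lines; this is an added example, not part of the original lecture. The rule list, addresses and function names are constructed for illustration, and the wildcard-mask convention (0 bit = must match) is the standard IOS one, which the slides here do not show. The last function goes one step further and flags entries that an earlier entry makes unreachable.

```python
import ipaddress

# Constructed sample ACL: entries are evaluated in the order listed.
# Each entry: (action, source address, wildcard mask). In a wildcard mask,
# a 0 bit means "must match" and a 1 bit means "ignore".
SAMPLE_ACL = [
    ("deny",   "172.16.4.13", "0.0.0.0"),      # one host
    ("permit", "172.16.4.0",  "0.0.0.255"),    # rest of that subnet
    ("deny",   "172.16.0.0",  "0.0.255.255"),  # rest of 172.16.0.0/16
    ("permit", "10.0.0.0",    "0.255.255.255"),
]


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def entry_matches(src, rule_addr, wildcard):
    """True when src equals rule_addr on every bit the wildcard does not ignore."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(src) & care) == (_to_int(rule_addr) & care)


def evaluate(acl, src):
    """Return (action, index of matching entry); index is None for implicit deny."""
    for index, (action, rule_addr, wildcard) in enumerate(acl):
        if entry_matches(src, rule_addr, wildcard):
            return action, index          # first match wins, stop testing
    return "deny", None                   # no statement matched: discard


def shadowed_entries(acl):
    """Indexes of entries that can never match because an earlier entry
    already covers every address they cover (an ordering mistake)."""
    shadowed = []
    for later in range(len(acl)):
        _, l_addr, l_wild = acl[later]
        for earlier in range(later):
            _, e_addr, e_wild = acl[earlier]
            # earlier covers later if earlier ignores every bit later ignores
            # and the two agree on the bits earlier still cares about
            covers = (_to_int(l_wild) & ~_to_int(e_wild) & 0xFFFFFFFF) == 0
            if covers and entry_matches(l_addr, e_addr, e_wild):
                shadowed.append(later)
                break
    return shadowed
```

Swapping the first two entries of the sample list makes the host deny unreachable: the subnet permit matches first, which is why more specific statements belong above more general ones.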