CCNA Guide to Cisco Networking Fundamentals Fourth Edition
description
Transcript of CCNA Guide to Cisco Networking Fundamentals Fourth Edition
![Page 1: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/1.jpg)
CCNA Guide to Cisco Networking Fundamentals
Fourth Edition
Chapter 10Access Lists
![Page 2: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/2.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 2
Objectives
• Describe the usage and rules of access lists
• Establish standard IP access lists
• Produce extended IP access lists
• Apply access lists to interfaces
• Monitor and verify access lists
![Page 3: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/3.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 3
Objectives (continued)
• Create named access lists
• Use Security Device Manager to create standard and extended IP access lists
• Use Security Device Manager to create a router firewall
![Page 4: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/4.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 4
Access Lists: Usage and Rules
• Access lists– Permit or deny statements that filter traffic based on
the source address, destination address, protocol type, and port number of a packet
– Available for IP, IPX, AppleTalk, and many other protocols
![Page 5: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/5.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 5
Access List Usage
• You can create a standard access list that examines a packet for the packet’s source header information
• deny any statement– Implicitly blocks all packets that do not meet the
requirements of the access list– Exists even though it is not shown as part of the
access list
• With careful planning, you can create access lists that control which traffic crosses particular links– And which segments of your network will have access
to others
![Page 6: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/6.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 6
Access List Usage (continued)
![Page 7: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/7.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 7
Problems with Access Lists
• Lack of planning is one of the most common problems associated with access lists
• The need to enter the list sequentially into the router also presents problems– You cannot move individual statements once they are
entered– When making changes, you must remove the list,
using the no access-list [list number] command, and then retype the commands
• Access lists begin working the second they are applied to an interface
![Page 8: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/8.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 8
Access List Rules
• Example of the structure of a standard IP access list:RouterA(config)#access-list 1 deny 172.22.5.2 0.0.0.0
RouterA(config)#access-list 1 deny 172.22.5.3 0.0.0.0
RouterA(config)# access-list 1 permit any
• Router applies each line in the order in which you type it into the access list
• The no access-list [list #] command is used to remove an access list
![Page 9: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/9.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 9
Access List Rules (continued)
![Page 10: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/10.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 10
Access List Rules (continued)
• As a general rule, the lines with the most potential matches should be first in the list– So that packets will not undergo unnecessary
processing
• You should avoid unnecessarily long access lists
• After you create access lists, you must apply them to interfaces so they can begin filtering traffic– You apply a list as either an outgoing or an incoming
filter
![Page 11: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/11.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 11
Access List Rules (continued)• In summary, all access lists follow these rules:
– Routers apply lists sequentially in the order in which you type them into the router
– Routers apply lists to packets sequentially, from the top down, one line at a time
– Packets are processed only until a match is made– Lists always end with an implicit deny– Access lists must be applied to an interface as either inbound
or outbound traffic filters– Only one list, per protocol, per direction can be applied to an
interface– Access lists are effective as soon as they are applied
![Page 12: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/12.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 12
Standard IP Access Lists
• Standard IP access lists– Filter network traffic based on the source IP address
only– Using a standard IP access list, you can filter traffic
by a host IP, subnet, or a network address
• Configure standard IP access lists:– access-list [list #] [permit|deny] [source address] [source wildcard mask]
• Routers use wildcards to determine which bits in an address will be significant
![Page 13: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/13.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 13
Standard IP Access Lists (continued)
![Page 14: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/14.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 14
Standard IP Access Lists (continued)
![Page 15: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/15.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 15
Standard IP Access Lists (continued)
![Page 16: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/16.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 16
Standard IP Access Lists (continued)
![Page 17: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/17.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 17
Standard IP Access Lists (continued)
![Page 18: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/18.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 18
Standard IP Access List Examples
• Standard IP access lists permit or deny packets based only on the source address– Addresses can be a single host address, a subnet
address, or a full network address
![Page 19: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/19.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 19
![Page 20: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/20.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 20
Standard IP Access List Examples (continued)
![Page 21: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/21.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 21
Standard IP Access List Examples (continued)
• Correct placement of a list is imperative
• To view the access lists defined on your router, use the show access-lists command– For IP access lists you could also use the show ip access-lists command
• If you decide that an access list needs to be removed from an interface– You can remove it with the no ip access-group [list #] command
![Page 22: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/22.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 22
![Page 23: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/23.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 23
Standard IP Access List Examples (continued)
![Page 24: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/24.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 24
Standard IP Access List Examples (continued)
![Page 25: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/25.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 25
Standard IP Access List Examples (continued)
![Page 26: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/26.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 26
Standard IP Access List Examples (continued)
![Page 27: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/27.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 27
Standard IP Access List Examples (continued)
• Application of the list as an outbound filter on FastEthernet0/0– See Figure 10-15
• Use the show access-lists or show ip access-lists command followed by the show ip interface command– To verify that the list has been entered and applied
correctly
![Page 28: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/28.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 28
Standard IP Access List Examples (continued)
![Page 29: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/29.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 29
![Page 30: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/30.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 30
Standard IP Access List Examples (continued)
![Page 31: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/31.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 31
Monitoring Standard IP Access Lists
• Three main commands are available for monitoring access lists on your router– show access-lists– show ip access-lists– show interfaces or show ip interface
• Use the no access-list [list #] command to remove the list
• Use the no ip accessgroup [list #][direction] command to remove the application of the list
![Page 32: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/32.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 32
Extended IP Access Lists
• Extended IP access lists– Can filter by source IP address, destination IP
address, protocol type, and application port number– This granularity allows you to design extended IP
access lists that:• Permit or deny a single type of IP protocol
• Filter by a particular port of a particular protocol
![Page 33: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/33.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 33
Extended IP Access Lists (continued)
• To configure extended IP access lists, you must create the list and then apply it to an interface using the following syntax– access-list [list #] [permit|deny] [protocol] [source IP address] [source wildcard mask] [operator] [port] [destination IP address] [destination wildcard mask] [operator] [port] [log]
![Page 34: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/34.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 34
Extended IP Access List Examples
![Page 35: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/35.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 35
![Page 36: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/36.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 36
![Page 37: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/37.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 37
Extended IP Access List Examples (continued)
![Page 38: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/38.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 38
The “Established” Parameter
• Established parameter– Permits traffic from any host on any network to any
destination, as long as the traffic was in response to a request initiated inside the network
• Example:access-list 100 permit tcp any 15.0.0.0 0.255.255.255 established
![Page 39: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/39.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 39
Monitoring Extended IP Access Lists
• The same commands used to monitor standard IP access lists are used to monitor extended IP access lists
• Extended IP lists keep track of the number of packets that pass each line of an access list– The clear access-list counters [list #]
command clears the counters– The no access-list [list#] command removes
the list – The no ip access-group [list#] [direction]
command removes the application of the list
![Page 40: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/40.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 40
Monitoring Extended IP Access Lists
![Page 41: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/41.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 41
Monitoring Extended IP Access Lists
![Page 42: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/42.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 42
Using Named Lists
• Named access lists– In Cisco IOS versions 11.2 and above, names instead
of numbers can be used to identify lists
• To name a standard IP access list, use the following syntax:
RouterC(config)#ip access-list standard [name]
• To name an extended IP access list, use the following syntax:
RouterC(config)#ip access-list extended [name]
![Page 43: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/43.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 43
Using Named Lists (continued)
• Once the list is named, the permit or deny statement is entered
• The commands follow the same syntax as unnamed lists– The beginning part of the command is not included
• To apply a standard IP named list to an interface, the syntax is:
RouterC(config-if)#ip access-group [name] [in | out]
![Page 44: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/44.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 44
Using Named Lists (continued)
• Advantages:– Allows you to maintain security by using an easily
identifiable access list– Removes the limit of 100 lists per filter type– With named access lists lines can be selectively
deleted in the ACL– Named ACLs provide greater flexibility to network
administrators who work in environments where large numbers of ACLs are needed
![Page 45: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/45.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 45
Controlling VTY Line Access
• Access lists are used for both traffic flow and security
• One useful security feature of access lists is restricting access to telnet on your router– By controlling VTY line access
• You must first create a standard IP access list that permits the management workstation
RouterA(config)#access-list 12 permit 192.168.12.12 0.0.0.0
• Then, it must be applied to the VTY linesaccess-class [acl #] in | out
![Page 46: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/46.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 46
Controlling VTY Line Access (continued)
• To apply access list 12 to the VTY lines, use the following command:RouterA(config)#line vty 0 4
RouterA(config-line)#access-class 12 in
• The commands to restrict access to the VTY lines to network 192.168.12.0/24 only are:RouterA(config)#access-list 13 permit 192.168.12.0 0.0.0.255
RouterA(config)#line vty 0 4
RouterA(config-line)#access-class 13 in
![Page 47: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/47.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 47
Using Security Device Manager to Create Access Control Lists
• Using the SDM, an administrator can accomplish all the tasks that formerly required use of the CLI interface
• SDM allows you to easily create a standard or an extended access list or, as it is known in the SDM, an Access Control List (ACL)
![Page 48: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/48.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 48
![Page 49: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/49.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 49
![Page 50: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/50.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 50
![Page 51: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/51.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 51
![Page 52: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/52.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 52
![Page 53: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/53.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 53
![Page 54: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/54.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 54
Using Security Device Manager to Create a Router Firewall
• Unlike the CLI, the SDM allows a router to be configured as a firewall
![Page 55: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/55.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 55
![Page 56: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/56.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 56
![Page 57: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/57.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 57
![Page 58: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/58.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 58
Using Security Device Manager to Create a Router Firewall (continued)
![Page 59: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/59.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 59
Using Security Device Manager to Create a Router Firewall (continued)
![Page 60: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/60.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 60
![Page 61: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/61.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 61
Summary
• Access lists are one of the most important IOS tools for controlling network traffic and security
• Access lists are created in a two-step process
• All access lists are created sequentially and applied sequentially to all packets that enter an interface where the list is applied
• By default, access lists always end in an implicit deny any statement
• Only one access list per direction (inbound or outbound) per protocol can be applied to an interface
![Page 62: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/62.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 62
Summary (continued)
• Standard IP access lists allow you to filter traffic based on the source IP address of a packet
• Extended IP access lists filter traffic based on source, destination, protocol type, and application type
• Access lists can be used to restrict telnet by controlling VTY line access
• Ranges of numbers represent all access lists
![Page 63: CCNA Guide to Cisco Networking Fundamentals Fourth Edition](https://reader035.fdocuments.us/reader035/viewer/2022062221/56814883550346895db597cc/html5/thumbnails/63.jpg)
CCNA Guide to Cisco Networking Fundamentals, Fourth Edition 63
Summary (continued)
• The SDM can be used to configure both standard and extended ACLs via the Additional Tasks configuration tab
• The SDM can be used to configure a router as either a Basic or Advanced firewall
• The main difference between a Basic and Advanced firewall is the ability to configure DMZ interfaces in the Advanced firewall setup wizard