CCNA Certification/Security
Acknowledgements — Introduction — The OSI Model — Application Layer — Transport Layer — Network Layer — Addressing — Routing Protocols — Data Link Layer — Switching — Physical Layer — Router Operation — Advanced Addressing Topics — Advanced Routing Topics — Advanced Switching Topics — Security — WAN — Configuration — Conclusion — References — About the Exam — Cisco Router Commands — Quick Reference Sheet
Security
editManaging IP traffic with Access Lists
editAccess list (ACL) is a sequence of rules that inform the cisco router which network packets it should block and which it should route normally. By itself, an ACL has no effect on the routing process. In order to take effect, one should apply the ACL to one or more interfaces on the router. Moreover, one should specify whether the rule is applies to incoming or outgoing network traffic.
IPv4 Standard ACLs
editStandard ACLs filter IP packets based on their destination only.The access-list command syntax is:
Router(config)# access-list {1-99} {permit | deny} source-addr [source-mask]
IPv4 Extended ACLs
editExtended ACLs can filter packets based on protocol type, source and destination addresses, and port numbers.
IPv6 ACLs
edit- One can only assign names to IPv6 ACLs (not numbers).
- Compared to IPv4 standard & extended ACLs, there is only one type of IPv6 ACLs.
- One should use the command traffic-filter (instead of access-group in IPv4).