Saturday, August 25, 2012

Cisco Router Basics Access List


Without network security, many businesses and home users would be exposed for the world to see and access. Network security does not prevent unauthorized users from accessing the network 100% of the time, but it helps limit the availability of a network from the outside world. Cisco devices have various tools to monitor and prevent security threats. One of the most common technologies used in Cisco network security is Access Control Lists, or simply access lists (ACLs). When companies depend on their network to generate income, potential security breaches become a huge concern.

ACLs are implemented through the Cisco IOS software. An ACL defines rules that can be used to prevent certain packets from flowing through the network. The rules in an access list are usually used to restrict a specific network or host from accessing another network or host. However, an ACL can become more granular by implementing what is called an extended access list. This type of ACL can deny or allow traffic based not only on the source or destination IP address, but also on the type of data being sent.

Extended ACLs can examine many parts of the packet headers, and all the parameters in a statement must match before traffic is denied or allowed. Standard ACLs are easier to configure, but do not allow you to deny or allow traffic based on more specific requirements. Standard access lists only allow you to permit or block traffic by source address or network. When creating ACLs, remember that there is always an implicit deny statement at the end. This means that a packet that does not match any of the statements in the access list is blocked by default. To overcome this you must configure a permit any statement on standard ACLs and permit any statements on extended ACLs.

Packets can be filtered in many ways. You can filter packets entering the interface of a router before any routing decision is made. You can also filter packets before they exit an interface, after the routing decision is made. ACL statements are always read from top to bottom. If a packet matches a statement before the router has gone through the entire ACL, the router stops there and makes its forwarding decision based on the statement that matched. Therefore, the most critical and specific statements should be placed at the beginning of the list, and statements should be ordered from most important to least critical .......
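
The top-to-bottom, first-match evaluation and the implicit deny described above, as an added Python example that is not part of the original post. It models only a small subset of extended ACL syntax (an assumption made here, not Cisco IOS itself); the function names and the sample entries, which use RFC 1918 addresses, are constructed for illustration.

```python
import ipaddress

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' (contiguous wildcard only); return (network, rest)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_ace(line):
    """Parse: access-list N permit|deny PROTO SRC DST [eq PORT]."""
    tok = line.split()[2:]                      # drop "access-list N"
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, tok = _addr(tok)
    dst, tok = _addr(tok)
    port = int(tok[1]) if tok[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "port": port, "text": line}

def evaluate(acl, proto, src, dst, dport):
    """Top-to-bottom, first match wins; no match falls to the implicit deny."""
    for ace in acl:
        if (ace["proto"] in ("ip", proto)
                and ipaddress.ip_address(src) in ace["src"]
                and ipaddress.ip_address(dst) in ace["dst"]
                and ace["port"] in (None, dport)):
            return ace["action"]
    return "deny"

def covers(a, b):
    """True if every packet that matches entry b also matches entry a."""
    return (a["proto"] in ("ip", b["proto"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["port"] in (None, b["port"]))

def shadowed(acl):
    """Entries that can never match because an earlier entry covers them."""
    return [later["text"] for i, later in enumerate(acl)
            if any(covers(earlier, later) for earlier in acl[:i])]

# Constructed sample entries (RFC 1918 addresses, not from the original post).
PERMIT_LAN = "access-list 101 permit ip 192.168.1.0 0.0.0.255 any"
DENY_TELNET = "access-list 101 deny tcp host 192.168.1.50 any eq 23"
misordered = [parse_ace(s) for s in (PERMIT_LAN, DENY_TELNET)]
ordered = [parse_ace(s) for s in (DENY_TELNET, PERMIT_LAN)]

if __name__ == "__main__":
    for name, acl in (("misordered", misordered), ("ordered", ordered)):
        print(name, evaluate(acl, "tcp", "192.168.1.50", "10.0.0.5", 23), shadowed(acl))
```

With the broad permit first, the specific deny is never reached and `shadowed` reports it; with the specific deny first, the same packet is blocked and nothing is shadowed.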
