Network administrators face the dilemma of how to deny unwanted traffic while allowing appropriate access. For example, you can use an ACL as a filter to keep the rest of your network from accessing sensitive data on the finance subnet.
Through classification and filtering, ACLs provide a powerful toolset in Cisco IOS. Consider the network diagram in Figure 6-1. Using ACLs, administrators have the tools to block traffic from the Internet, provide controlled access to manage Cisco IOS devices, and provide address translation for private addresses such as the 172.16.0.0 network.
Figure 6-1 ACLs Provide Control (diagram labels: Internet, 172.17.0.0, 172.16.0.0, Administrator, Console)
Access Control List Operation 207
Filtering is the function of ACLs that people identify most readily. ACLs offer an important tool for controlling traffic on the network. Packet filtering helps control packet movement through the network. Figure 6-2 shows an example of ACLs filtering traffic transmission in and out of a physical interface or to the Telnet session of a Cisco IOS device.
Figure 6-2 ACL Filtering
Cisco provides ACLs to permit or deny the following:
• The crossing of packets to or from specified router interfaces and traffic going through the router
• Telnet traffic into or out of the router vty ports for router administration
By default, all IP traffic is permitted in and out of all the router interfaces.