Figure 6-3 shows some examples of using ACLs for traffic classification, such as which traffic to
encrypt across the VPN, which routes should be redistributed between Open Shortest Path First
(OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP), and which addresses to
translate using NAT.
Figure 6-3 ACLs Identify Traffic
ACL Operation
ACLs express the set of rules that give added control for packets that enter inbound interfaces,
packets that relay through the router, and packets that exit outbound interfaces of the router. ACLs
do not act on packets that originate from the router. Instead, ACLs are statements that specify
conditions of how the router handles the traffic flow through specified interfaces.
ACLs operate in two ways:
• Inbound ACLs: Incoming packets are processed before they are routed to an outbound
interface. An inbound ACL is efficient because it saves the overhead of routing lookups if the
packet will be discarded after it is denied by the filtering tests. If the packet is permitted by
the tests, it is processed for routing.
• Outbound ACLs: Incoming packets are routed to the outbound interface and then processed
through the outbound ACL.
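
The processing order described above can be modeled in a few lines. This is an added example, not code from the book: the interface names, addresses, and the Router class are hypothetical, and the first-match evaluation with an implicit deny at the end of the list is standard ACL behavior that this excerpt does not itself state.

```python
import ipaddress

# Constructed sample data: a two-interface router (names and addresses are hypothetical).
ROUTES = {"10.1.0.0/16": "Gi0/0", "10.2.0.0/16": "Gi0/1"}
# ACL entries are (action, source network); the first matching entry decides.
ACL_BLOCK_LAB = [("deny", "10.1.50.0/24"), ("permit", "0.0.0.0/0")]

def acl_permits(acl, src):
    """First-match evaluation; a packet matching no entry is denied (implicit deny)."""
    for action, net in acl:
        if ipaddress.ip_address(src) in ipaddress.ip_network(net):
            return action == "permit"
    return False

class Router:
    def __init__(self, routes, inbound=None, outbound=None):
        self.routes = {ipaddress.ip_network(n): i for n, i in routes.items()}
        self.inbound = inbound or {}    # interface -> ACL applied inbound
        self.outbound = outbound or {}  # interface -> ACL applied outbound
        self.route_lookups = 0          # counts the work an inbound deny avoids

    def _lookup(self, dst):
        """Longest-prefix match over the routing table."""
        self.route_lookups += 1
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]

    def forward(self, src, dst, in_if=None):
        """in_if=None models a packet that originates from the router itself."""
        originated = in_if is None
        # Inbound ACL: tested before any routing lookup takes place.
        if not originated and in_if in self.inbound:
            if not acl_permits(self.inbound[in_if], src):
                return "dropped by inbound ACL"
        out_if = self._lookup(dst)
        if out_if is None:
            return "dropped: no route"
        # Outbound ACL: tested only after the packet has been routed.
        if not originated and out_if in self.outbound:
            if not acl_permits(self.outbound[out_if], src):
                return "dropped by outbound ACL"
        return f"forwarded out {out_if}"
```

Applying the same list inbound on Gi0/0 or outbound on Gi0/1 drops the same lab traffic, but only the outbound placement spends a routing lookup on a packet that is then discarded.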