?– Depending on how you apply the ACL, the ACL ?¬?lters traf?¬?c either going through the router
or going to and from the router, such as traf?¬?c to or from the vty lines.
?– You should typically place extended ACLs as close as possible to the source of the traf?¬?c that
you want to deny. Because standard ACLs do not specify destination addresses, you must put
the standard ACL as close as possible to the destination of the traf?¬?c you want to deny so the
source can reach intermediary networks.
Additional Types of ACLs
Standard and extended ACLs can become the basis for other types of ACLs that provide additional
functionality. These other types of ACLs include the following:
?– Dynamic ACLs (lock-and-key)
?– Re?¬‚exive ACLs
?– Time-based ACLs
Dynamic ACLs
Dynamic ACLs depend on Telnet connectivity, authentication (local or remote), and extended
ACLs. Lock-and-key con?¬?guration starts with the application of an extended ACL to block traf?¬?c
through the router. Users who want to traverse the router are blocked by the extended ACL until
they use Telnet to connect to the router and are authenticated. The Telnet connection is then
dropped, and a single-entry dynamic ACL is added to the extended ACL.
Pages:
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327