
Yusuf Bhaiji

"Network Security Technologies and Solutions"

If ACLs are not configured, all packets passing through the router are allowed onto all parts of the network. For example, ACLs can allow one host to access the Internet and prevent another host from accessing the Internet, as shown in Figure 2-1. Host A can access resources on the Internet, whereas access for Host B is denied. ACLs can also be used to determine what type of traffic is forwarded or blocked at the router interfaces. For example, all HTTP traffic can be permitted, while FTP traffic is blocked. This is just a simple example; much more complex scenarios can be achieved by using ACLs.
Figure 2-1. Secure Router Using ACL
When to Configure ACLs
ACLs can be used on a device as the first line of defense for the network. This can be achieved using an ACL on routers, switches, or firewalls that are placed between an internal network (protected zone) and an external network (unprotected zone), such as the Internet. ACLs can also be used on a device placed between two parts of the network, to control traffic entering or exiting a specific part of the network. On any such device, an ACL can be applied to filter inbound traffic, outbound traffic, or both on a given interface.
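The two scenarios described above (one host permitted to reach the Internet while another is denied, and HTTP permitted while FTP is blocked) together with the placement choices in this section (an ACL applied inbound on the protected interface, outbound on the unprotected one, or both) are worked through below in an added example that is not code from the book. It is a small Python evaluator for a subset of IOS numbered extended ACL syntax, run over a constructed configuration. The host addresses (Host A = 192.168.1.10, Host B = 192.168.1.20, LAN 192.168.1.0/24), the Internet destination 203.0.113.5, the ACL numbers 110 and 120, and the interface names are assumptions made for the example.

```python
"""Evaluator for a subset of Cisco IOS numbered extended ACLs (added example).

Grammar handled:
  access-list <n> <permit|deny> <ip|tcp|udp|icmp> <src> <dst> [eq <port>]
  <src>/<dst> ::= any | host A.B.C.D | A.B.C.D W.W.W.W   (W = wildcard mask)
Entries are checked top-down, the first match wins, and every ACL ends with
an implicit 'deny ip any any'.  An ACL bound 'in' filters packets arriving on
an interface; bound 'out' it filters packets leaving through it.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed configuration; all addresses, ACL numbers and interface names
# are assumptions.  Host A = 192.168.1.10, Host B = 192.168.1.20.
SAMPLE_CONFIG = """
! Inside (protected) interface: Host B gets no Internet, FTP is blocked for
! the whole LAN, Host A gets HTTP and then everything else.
access-list 110 deny   ip  host 192.168.1.20 any
access-list 110 deny   tcp 192.168.1.0 0.0.0.255 any eq 21
access-list 110 permit tcp host 192.168.1.10 any eq 80
access-list 110 permit ip  host 192.168.1.10 any
! Outside (unprotected) interface: second check on everything leaving.
access-list 120 deny   tcp any any eq 23
access-list 120 permit ip  any any
interface GigabitEthernet0/0
 ip access-group 110 in
interface GigabitEthernet0/1
 ip access-group 120 out
"""

@dataclass
class Entry:
    action: str                 # 'permit' or 'deny'
    proto: str                  # 'ip' matches any protocol
    src: Tuple[int, int]        # (address, wildcard) as 32-bit ints
    dst: Tuple[int, int]
    dst_port: Optional[int]     # only set when 'eq <port>' follows <dst>
    text: str                   # original line, returned as the match reason

@dataclass
class Config:
    acls: Dict[str, List[Entry]]           # ACL number -> ordered entries
    groups: Dict[Tuple[str, str], str]     # (interface, 'in'|'out') -> ACL

def _addr(t: List[str], i: int) -> Tuple[Tuple[int, int], int]:
    """Parse one address spec starting at t[i]; return (spec, next index)."""
    if t[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if t[i] == "host":
        return (int(ipaddress.IPv4Address(t[i + 1])), 0), i + 2
    return (int(ipaddress.IPv4Address(t[i])),
            int(ipaddress.IPv4Address(t[i + 1]))), i + 2

def parse_config(text: str) -> Config:
    cfg = Config(acls={}, groups={})
    iface = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        t = line.split()
        if t[0] == "access-list" and t[2] != "remark":
            src, i = _addr(t, 4)
            dst, i = _addr(t, i)
            port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
            cfg.acls.setdefault(t[1], []).append(Entry(t[2], t[3], src, dst, port, line))
        elif t[0] == "interface":
            iface = t[1]
        elif t[:2] == ["ip", "access-group"] and iface:
            cfg.groups[(iface, t[3])] = t[2]
    return cfg

def _matches(spec: Tuple[int, int], addr: str) -> bool:
    net, wc = spec        # a set wildcard bit means "don't care"
    return (int(ipaddress.IPv4Address(addr)) & ~wc) == (net & ~wc)

def evaluate(entries: List[Entry], src: str, dst: str, proto: str,
             dst_port: Optional[int] = None) -> Tuple[str, str]:
    """First-match evaluation that falls through to the implicit deny."""
    for e in entries:
        if e.proto not in ("ip", proto):
            continue
        if not (_matches(e.src, src) and _matches(e.dst, dst)):
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        return e.action, e.text
    return "deny", "implicit deny ip any any"

def forward(cfg: Config, in_if: str, out_if: str, src: str, dst: str,
            proto: str, dst_port: Optional[int] = None) -> Tuple[str, str]:
    """Apply the inbound ACL of in_if, then the outbound ACL of out_if."""
    for iface, direction in ((in_if, "in"), (out_if, "out")):
        acl = cfg.groups.get((iface, direction))
        if acl is None:
            continue      # nothing bound in that direction: nothing filtered
        action, reason = evaluate(cfg.acls[acl], src, dst, proto, dst_port)
        if action == "deny":
            return "deny", f"{iface} {direction} acl {acl}: {reason}"
    return "permit", "passed all applied ACLs"

if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    # Constructed packets from the LAN toward an assumed Internet host.
    for pkt in [("192.168.1.10", "203.0.113.5", "tcp", 80),   # Host A HTTP
                ("192.168.1.20", "203.0.113.5", "tcp", 80),   # Host B HTTP
                ("192.168.1.10", "203.0.113.5", "tcp", 21),   # Host A FTP
                ("192.168.1.10", "203.0.113.5", "tcp", 23),   # Host A telnet
                ("192.168.1.30", "203.0.113.5", "udp", 53)]:  # unlisted host
        print(pkt, "->", forward(cfg, "GigabitEthernet0/0", "GigabitEthernet0/1", *pkt))
```

Two details of the run are the ones worth checking in real configurations: entry order decides the outcome (if the `permit ip host 192.168.1.10 any` line were placed above the FTP deny, Host A's FTP would get through), and a packet from a host no entry mentions is dropped by the implicit deny at the end of the list, so an ACL that only lists permits is also a block on everyone else. The telnet packet shows the "both" case from the text: it passes the inbound ACL on the protected interface and is dropped by the outbound ACL on the unprotected one.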

