ECE495 Chapter Notes - Chapter 1: Cisco Ios, Integrated Services Digital Network, Access Control
Department: Electrical and Computer Engineering
Course Code: ECE495
Professor: mint
Chapter: 1

PIX/ASA Access Control Lists v1.11 – Aaron Balchunas
* * *
All original material copyright © 2008 by
Aaron Balchunas (aaron@routeralley.com),
unless otherwise noted. All other material copyright © of their respective owners.
This material may be copied and used freely, but may not be altered or sold without the expressed written
consent of the owner of the above copyright. Updated material may be found at http://www.routeralley.com.
- PIX/ASA Access Control Lists -
Basics of Access Control Lists (ACLs)
Access control lists (ACLs) can be used for two purposes on Cisco devices:
To filter traffic
To identify traffic
Access lists are a set of rules, organized in a rule table. Each rule or line in
an access-list provides a condition, either permit or deny:
When using an access-list to filter traffic, a permit statement is used to
“allow” traffic, while a deny statement is used to “block” traffic.
Similarly, when using an access list to identify traffic, a permit
statement is used to “include” traffic, while a deny statement states
that the traffic should “not” be included. It is thus interpreted as a
true/false statement.
Filtering traffic is the primary use of access lists. However, there are several
instances when it is necessary to identify traffic using ACLs, including:
Identifying interesting traffic to bring up an ISDN link or VPN tunnel
Identifying routes to filter or allow in routing updates
Identifying traffic for QoS purposes
When filtering traffic, access lists are applied on interfaces. As a packet
passes through a device, the top line of the rule list is checked first, and the
device continues to go down the list until a match is made. Once a match is
made, the packet is either permitted or denied.
There is an implicit ‘deny all’ at the end of all access lists. You don’t create
it, and you can’t delete it. Thus, access lists that contain only deny
statements will prevent all traffic.
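The rule-table behaviour described above (top line checked first, first match wins, implicit deny at the end, and a permit read as "true" when the ACL is used to identify traffic) is easy to get wrong when lines are reordered. The following Python snippet is an added example, not part of the original notes or of the Cisco software: it parses a constructed subset of standard ACL syntax (`permit|deny <addr> <wildcard>`, `host <addr>`, `any`), evaluates an address against the table exactly as the text describes, and adds a shadowing check that flags any line a preceding line already covers, so a misplaced deny can be spotted before the ACL is applied. The ACL lines and addresses are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

ALL_ONES = 0xFFFFFFFF


@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    network: int   # IPv4 address as an integer
    wildcard: int  # Cisco wildcard mask: 0 bits must match, 1 bits are "don't care"


def parse_standard_acl(lines):
    """Parse constructed standard-ACL lines:
       access-list <n> permit|deny <addr> [<wildcard>] | host <addr> | any"""
    rules = []
    for raw in lines:
        parts = raw.split()
        if not parts or parts[0] != "access-list" or len(parts) < 4:
            continue  # skip blank lines and anything that is not an ACL entry
        action = parts[2]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in line: {raw!r}")
        target = parts[3:]
        if target[0] == "any":
            net, wc = 0, ALL_ONES                      # any = 0.0.0.0 255.255.255.255
        elif target[0] == "host":
            net, wc = int(ipaddress.IPv4Address(target[1])), 0
        else:
            net = int(ipaddress.IPv4Address(target[0]))
            wc = int(ipaddress.IPv4Address(target[1])) if len(target) > 1 else 0
        rules.append(Rule(action, net, wc))
    return rules


def matches(rule, addr):
    """True if addr matches the rule on every bit the wildcard mask cares about."""
    care = ~rule.wildcard & ALL_ONES
    return (int(ipaddress.IPv4Address(addr)) & care) == (rule.network & care)


def evaluate(rules, addr):
    """Walk the table top-down; the first matching line decides.
    Returns (action, 1-based line number) or ("deny", None) for the implicit deny all."""
    for idx, rule in enumerate(rules, start=1):
        if matches(rule, addr):
            return rule.action, idx
    return "deny", None


def identifies(rules, addr):
    """ACL used to identify traffic: permit means 'included' (true), deny means not."""
    return evaluate(rules, addr)[0] == "permit"


def covers(earlier, later):
    """True if every address matching `later` also matches `earlier`."""
    earlier_care = ~earlier.wildcard & ALL_ONES
    if later.wildcard & earlier_care:
        return False  # later varies a bit that earlier fixes
    return (later.network & earlier_care) == (earlier.network & earlier_care)


def shadowed_rules(rules):
    """1-based line numbers of rules that can never match because an earlier line covers them."""
    return [j + 1 for j in range(len(rules))
            if any(covers(rules[i], rules[j]) for i in range(j))]


# Constructed sample ACLs (not from the notes): block one host, allow the rest of its subnet.
SAMPLE_ACL = parse_standard_acl([
    "access-list 10 deny host 192.168.1.5",
    "access-list 10 permit 192.168.1.0 0.0.0.255",
])
# Same two lines in the wrong order: the deny can never be reached.
REORDERED_ACL = parse_standard_acl([
    "access-list 10 permit 192.168.1.0 0.0.0.255",
    "access-list 10 deny host 192.168.1.5",
])
# Deny-only ACL: with the implicit deny at the end it blocks everything.
DENY_ONLY_ACL = parse_standard_acl(["access-list 20 deny 10.0.0.0 0.255.255.255"])

if __name__ == "__main__":
    for addr in ("192.168.1.5", "192.168.1.20", "10.0.0.1"):
        print(addr, evaluate(SAMPLE_ACL, addr), "identified:", identifies(SAMPLE_ACL, addr))
    print("shadowed lines in reordered ACL:", shadowed_rules(REORDERED_ACL))
    print("deny-only ACL, 172.16.0.1:", evaluate(DENY_ONLY_ACL, "172.16.0.1"))
```

Running it shows 192.168.1.5 hitting line 1 (deny), 192.168.1.20 hitting line 2 (permit), and 10.0.0.1 falling through to the implicit deny; the reordered table reports line 2 as shadowed, which is the mistake the first-match rule makes silent on a real device.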