The proper use and configuration of access lists is a vital part
of router configuration because access lists are such vital networking
accessories. Contributing mightily to the efficiency and optimization of
your network, access lists give network managers a huge amount of
control over traffic flow throughout the internetwork. With access lists,
managers can gather basic statistics on packet flow and security policies
can be implemented. Sensitive devices can also be protected from
unauthorized access.
Access lists can be used to permit or deny packets moving through the
router, permit or deny Telnet (VTY) access to or from a router, and create
dial-on-demand interesting traffic that triggers dialing to a remote location.
In this chapter, we'll discuss access lists for both TCP/IP and IPX, and
we'll cover some of the tools available to test and monitor the functionality
of applied access lists.
Access Lists
An access list is essentially a list of conditions that control access both
to and from a network segment. Access lists can filter unwanted packets and
be used to implement security policies. With the right combination of access
lists, network managers arm themselves with the power to enforce nearly
any access policy they can invent.
The IP and IPX access lists work similarly: they're both packet filters that
packets are compared against, categorized by, and acted upon. Once the lists
are built, they can be applied to either inbound or outbound traffic on any
interface. Applying an access list will then cause the router to analyze every
packet crossing that interface in the specified direction and take action
accordingly.
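The three uses listed earlier (filtering packets through the router, restricting Telnet/VTY access, and defining dial-on-demand interesting traffic), shown as an added Cisco IOS configuration example that is not taken from the book. All addresses, list numbers and interface names are constructed for illustration.

```cisco
! Constructed example: addresses, list numbers and interface names are assumptions.
!
! Standard list 10: matches on source address only (the management subnet).
! Any source not matched by an entry is dropped by the implicit deny
! that ends every access list.
access-list 10 permit 192.168.10.0 0.0.0.255
!
! Extended list 110: protects one sensitive host from Telnet,
! then explicitly permits all other IP traffic.
access-list 110 deny tcp any host 172.16.30.5 eq 23
access-list 110 permit ip any any
!
! Extended list 120: describes the traffic considered "interesting"
! for dial-on-demand (here, web traffic to a remote subnet).
access-list 120 permit tcp any 10.1.1.0 0.0.0.255 eq 80
!
! Use 1: filter packets moving through the router.
! List 110 is checked only against packets arriving on Ethernet0;
! packets leaving Ethernet0 are not compared with it.
interface Ethernet0
 ip access-group 110 in
!
! Use 2: permit or deny Telnet (VTY) access to the router itself.
line vty 0 4
 access-class 10 in
!
! Use 3: packets matching list 120 trigger dialing on BRI0;
! other packets do not bring the link up.
dialer-list 1 protocol ip list 120
interface BRI0
 dialer-group 1
```

After applying the lists, `show access-lists` displays each entry with its match counter, and `show ip interface Ethernet0` confirms which list is set on the interface and in which direction.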
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com