Summary
453
Router_C(config)#access-list 30 deny 172.16.30.0 0.0.0.255
Router_C(config)#access-list 30 permit any
Router_C(config)#router eigrp 100
Router_C(config-router)#distribute-list 30 in serial0
Router_C(config-router)#^Z
Router_C#
After applying access list 30 via the distribute-list command, we exe-
cuted another show ip route on the router. Here is the result:
Router_C#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - [output cut]
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.16.40.4/30 is directly connected, Serial0
D 172.16.20.4/30 [90/2681856] via 172.16.40.5, 00:00:02,
Serial0
D 172.16.0.0/16 is a summary, 00:00:02, Null0
Router_C#
You can see that the 172.16.30.0 network is no longer in the routing
table. This is how the distribute-list command works.
Summary
T
his chapter covered the different aspects of designing and implement-
ing access polices on your internetwork. It is important to create for your
network access policies that start at physical security and extend through the
entire internetwork.
In this chapter, we covered the following:
Defining and applying access policies at the access layer and distribu-
tion layer
Managing network devices by setting passwords, using privilege levels
and banners, and limiting VTY and HTTP access
Managing the MAC address table by configuring port security
Providing an overview of access lists and route filtering
Copyright ©2000 SYBEX , Inc., Alameda, CA
www.sybex.com