Wednesday, November 16, 2011

Module 11: Access Control Lists (ACLs) / Overview


Overview
Network administrators must be able to deny unwanted access to a network and allow authorized users to access necessary services. Security tools such as passwords, callback equipment, and physical security devices are helpful. However, they often lack the flexibility of basic traffic filters and the specific controls that most administrators prefer. For example, a network administrator may want to allow users access to the Internet, but not permit external users Telnet access into the LAN.
Routers provide the capability to filter traffic, such as blocking Internet traffic, with access control lists (ACLs). An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols. This module will introduce standard and extended ACLs as a way to control network traffic and explain how they are used as part of a security solution.
This module includes tips, considerations, recommendations, and general guidelines on how to use ACLs. It also includes the commands and configurations needed to create ACLs. Finally, this module provides examples of standard and extended ACLs and describes ACL placement on router interfaces.
An ACL can be as simple as a single line that permits packets from a specific host or it can be a complex set of rules and conditions that defines network traffic and determines the router processes. While many of the advanced uses of ACLs are beyond the scope of this course, this module provides details about standard and extended ACLs, the proper placement of ACLs, and some special applications of ACLs.
This module covers some of the objectives for the CCNA 640-801 and ICND 640-811 exams. 
Students who complete this module should be able to perform the following tasks: 
  • Describe the differences between standard and extended ACLs
  • Explain the rules for placement of ACLs
  • Create and apply named ACLs
  • Describe the function of firewalls
Use ACLs to restrict virtual terminal access 

No comments:

Post a Comment