Del Mar College
ITNW 1392-Beginning Router Configuration
Instructor: Michael P. Harris
Semester 2, Lesson 14 Notes:
Router Access Lists, Security, and Firewalls
"Access list" - (1) List kept by Cisco routers to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router). (2) Command that creates an entry in a standard traffic filter list.
- Standard
  - Simpler address specifications
  - Generally permits or denies entire protocol suites
- Extended
  - More complex address specifications
  - Generally permits or denies specific protocols
"Access lists" offer another powerful tool for network control. These lists add the flexibility to filter packets as they flow in or out of router interfaces. "Access lists" perform several functions within a Cisco router, including:
- Implement security/access procedures
- Act as a protocol "firewall"
"Extended Access lists" allow 'filtering' on address, protocol, and applications. Access lists are used to 'limit broadcast traffic'.
You can also use "Access lists" to:
- Identify packets for priority or custom queuing
- Restrict or reduce the contents of routing updates
"Access lists" also process packets for other security features to:
- Provide IP traffic dynamic access control with enhanced user authentication using the lock-and-key feature
- Identify packets for encryption
- Identify Telnet access allowed to the router virtual terminals
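The standard/extended distinction and the virtual-terminal restriction described above, shown as a Cisco IOS configuration. This is an added example, not part of the original notes; the addresses, list numbers and interface name are constructed for illustration.

```cisco
! Constructed example: addresses, list numbers and the interface name
! are assumptions, not values from the lesson notes.
! IP list numbers: 1-99 = standard, 100-199 = extended.

! Standard list: matches on source address only, so a permit admits
! every IP protocol from that source. The second field is a wildcard
! mask (0 bits must match, 1 bits are ignored).
access-list 10 permit 192.168.10.0 0.0.0.255
! Every list ends with an implicit "deny any", so all other sources
! are refused without a further entry.

! Extended list: matches on protocol, source, destination and
! application port. Entries are checked top-down; first match wins.
access-list 110 permit tcp 192.168.10.0 0.0.0.255 host 192.168.20.5 eq www
access-list 110 permit tcp 192.168.10.0 0.0.0.255 host 192.168.20.6 eq smtp
! Written out here only to make the implicit deny visible.
access-list 110 deny   ip any any

! Filter traffic entering the router on Ethernet0 with the extended list.
interface Ethernet0
 ip access-group 110 in

! Restrict Telnet to the router's own virtual terminals: only sources
! permitted by standard list 10 may open a vty session.
line vty 0 4
 access-class 10 in
```

A list that is defined but never applied with `ip access-group` or `access-class` filters nothing, and an interface takes only one IP list per direction.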
"DDR" (Dial-on-demand routing) Technique whereby a Cisco router can automatically initiate and close a 'circuit-switched session' as transmitting stations demand. The router 'spoofs keepalives' so that end stations treat the session as active. DDR permits routing over ISDN or telephone lines using an external ISDN terminal adaptor or modem.
This page is maintained by: Michael P. Harris
viking.delmar.edu
Last updated April 2mpharris@surf.delmar.edu
Copyright © 1999