19 ACCESS CONTROL LIST CONFIGURATION
This chapter provides an overview of IP Access Control Lists and describes the tasks involved in
configuring them through the Inalp SmartWare, Release 2.00. For a complete description of the IP
Access Control List commands in this chapter, refer to Chapter 7, “Profile ACL Mode”, in the
SmartWare Command Reference Guide.
This chapter includes the following sections:
• About Access Control Lists
• Access Control List Configuration Task List
• Examples
19.1 About Access Control Lists
This section briefly describes what access lists do, why and when you should configure access lists,
and basic versus advanced access lists.
19.1.1 What Access Lists Do
Access lists filter network traffic by controlling whether routed packets are forwarded, dropped or
blocked at the router's interfaces. Your router examines each packet to determine whether to forward
or drop the packet, based on the criteria you specified within the access lists.
Access list criteria could be the source address of the traffic, the destination address of the traffic, the
upper-layer protocol, or other information.
Note that sophisticated users can sometimes successfully evade or fool basic access lists because
no authentication is required.
19.1.2 Why You Should Configure Access Lists
There are many reasons to configure access lists. For example, you can use access lists to restrict
contents of routing updates, or to provide traffic flow control. But one of the most important reasons
to configure access lists is to provide security for your network, and that is the reason this chapter
focuses on.
You should use access lists to provide a basic level of security for accessing your network. If you do
not configure access lists on your router, all packets passing through the router could be allowed
onto all parts of your network.
For example, access lists can allow one host to access a part of your network, and prevent another
host from accessing the same area. In Figure 19-1 host A is allowed to access the Human Resources
network and host B is prevented from accessing the Human Resources network.
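The host A / host B scenario, together with the filtering criteria from section 19.1.1, as an added Python model (not SmartWare syntax and not code from this guide). The addresses are constructed, and first-match evaluation with a default of "deny" for unmatched packets is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses for the Figure 19-1 scenario (not from the guide).
HOST_A = "172.16.1.10"
HOST_B = "172.16.1.20"
HR_NET = "172.16.2.0/24"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str  # upper-layer protocol, e.g. "tcp", "udp", "icmp"

@dataclass(frozen=True)
class Rule:
    action: str        # "permit" or "deny"
    src: str           # source network in CIDR form
    dst: str           # destination network in CIDR form
    proto: str = "ip"  # "ip" matches any upper-layer protocol

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("ip", pkt.proto))

def evaluate(acl, pkt, default="deny"):
    """Return the action of the first matching rule (assumed semantics)."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return default

# Host A may reach Human Resources, every other source may not,
# and traffic to other destinations is forwarded.
HR_ACL = [
    Rule("permit", HOST_A + "/32", HR_NET),
    Rule("deny", "0.0.0.0/0", HR_NET),
    Rule("permit", "0.0.0.0/0", "0.0.0.0/0"),
]

if __name__ == "__main__":
    # The verdict depends only on header fields. The filter has no way to
    # confirm who sent a packet, which is the limitation noted in 19.1.1.
    for pkt in (Packet(HOST_A, "172.16.2.5", "tcp"),
                Packet(HOST_B, "172.16.2.5", "tcp"),
                Packet(HOST_B, "172.16.3.5", "udp")):
        print(pkt, "->", evaluate(HR_ACL, pkt))
```

Reversing the rule order makes the catch-all permit match first, so host B would reach the Human Resources network; under first-match evaluation, rule order is part of the policy.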
Software Configuration Guide, Revision 1.03