IP Filtering 101

Filtering the packets being transmitted through a router can be desirable for a number of reasons. Security is usually the first reason that comes to mind. Other reasons to place restrictions on the packets flowing through your routers are protecting your network from malicious denial of service attacks and enforcing your company's routing policies. Access-lists can be defined in one of two ways because the filtering effect has some subtle but important differences. Access-lists can be defined as either enable access, or deny access. Every access-list defined on a Cisco router has an implicit deny any at the end, whether it is configured that way or not. If CPU load on your routers is a concern, you should think a great deal ...

Get Cisco® Router Configuration & Troubleshooting, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.