Cisco Access Lists Field Guide / Edition 1

Configuring access lists for Cisco routers and for network operations is one of the most difficult tasks for network administrators working in a Cisco networking environment. Cisco Access Lists Field Guide, by Gil Held and Kent Hundley, CCNA, makes this task far less of a headache. This comprehensive reference thoroughly explores basic, dynamic, time-based, reflexive, and context-based access lists, and the use of keywords. Following a consistent, reader-friendly format, each chapter covers the problem, offers a network illustration and access list, and a full explanation. This invaluable guide also describes potential pitfalls and tells you how to avoid them. You also get hundreds of practical examples of access lists that can be tailored to your own environment.


Product Details

  • ISBN-13: 9780072123357
  • Publisher: McGraw-Hill Osborne Media
  • Publication date: 3/30/2000
  • Series: McGraw-Hill Technical Expert Series
  • Edition number: 1
  • Pages: 288
  • Product dimensions: 0.60 (w) x 6.00 (h) x 9.00 (d)

Read an Excerpt

Chapter 1: Introduction

In the preface we noted that a router's access list is a network's first line of defense. We also noted that an access list provides a mechanism for controlling the flow of information through different interfaces of a router. This capability allows use of access lists to regulate the flow of information as a mechanism to implement organizational network-related policies. Such policies can represent security functions and affect the prioritization of traffic. For example, an organization may wish to enable or disable access from the Internet to a corporate Web server or allow traffic generated by one or more stations from an internal local area network (LAN) to flow onto an ATM-based communications backbone wide area network (WAN). Both of these situations, as well as other functions, can be accomplished by the use of access lists.

This chapter's goal is to acquaint you with the contents of the book. First we will introduce you to the concept of the Cisco Professional Field Guide Series, of which this book is the first, followed by a brief review of the role of routers and some basic information concerning Cisco access lists. Then we will provide a preview of the book, briefly focusing attention on material presented in succeeding chapters. The introduction, along with the index, will enable you to find topics of interest.

The Cisco Professional Reference Guide

The Cisco Professional Reference Guide Series provides information and a series of practical examples covering the operation of Cisco equipment that you can easily tailor to your specific organizational requirements.

This first book in the reference guide series is focused upon access lists, and provides detailed information on the use of different types of access lists, their formats and creation, application to interfaces, and operation. We provide a series of examples for each distinct type of access list that follows a common format, which includes an overview of an application or problem, a network schematic diagram illustrating the basic structure of a router with respect to its WAN and LAN interfaces, and appropriate IOS statements for effecting an access list that satisfies the application or problem. Each access list example concludes with an explanation of the rationale for the key IOS statements required to implement the access list.

The Role of Routers

From an operational perspective the major function of a router is to transfer packets from one network to another. Routers operate at the network layer, the third layer of the open systems interconnection (OSI) reference model. By examining the network address of packets, routers make decisions concerning the flow of packets, and they also create and maintain routing tables. Such protocols as the routing information protocol (RIP), open shortest path first (OSPF), and the border gateway protocol (BGP) represent only three of more than 50 routing protocols that have been developed over the past 20 years. The router represents the first line of protection for a network in terms of security. That protection is in the form of access lists created to permit or deny the flow of information through one or more router interfaces.

Cisco Systems routers support two types of access lists, basic and extended. A basic access list controls the flow of information based on network addresses. An extended access list controls the flow of information by network address and the type of data being transferred within a packet. Although access lists represent the first line of protection for a network, as currently implemented they usually do not examine the actual contents of the information fields of packets, nor do they maintain information about the "state" of a connection. In other words, each packet is examined individually without the router attempting to determine whether the packet is part of a legitimate conversation stream.

Over the past 2 years Cisco Systems has significantly enhanced the capability of access lists to include new functions such as the examination of inbound and outbound traffic based upon time of day and day of week, the ability to insert dynamic entries into standard and extended access lists, and the ability to prevent one of the more common methods of hacker attacks from adversely affecting Web servers and other network devices.

We will examine the types and features of Cisco access lists, including context-based access control lists (CBAC) and reflexive access control lists (reflexive ACLs). CBAC is the heart of the Cisco firewall feature set (FFS). The FFS is a specific code revision available for some Cisco router models. Beginning with IOS 12.0T, CBAC is available on the 800, 1600, 1720, 2500, 3600, and 7200 series routers. This feature maintains information about the state of an existing connection, examines application layer information for a limited number of TCP and UDP protocols, and provides a significantly greater level of security than traditional access lists. Reflexive ACLs are a new feature introduced in the 11.3 revision of the Cisco IOS. Reflexive ACLs maintain a degree of "pseudostate" information by creating dynamic entries in traditional ACLs once a legitimate conversation is started. Future packets are evaluated against the dynamic entries in the reflexive ACL to determine if they are part of an existing connection. Once the conversation is ended, the dynamic entries are deleted from the ACL. However, reflexive ACLs do not understand higher-layer protocols and are not suitable for use with some multichannel protocols such as file transfer protocol (FTP). CBAC and reflexive ACLs will be covered in detail later.
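The three access list styles described above, written out as an added IOS configuration example (not taken from the book); the addresses, list numbers, list names, interface and timeouts are assumed for illustration:

```cisco
! Added example, not from the book. Addresses, names and numbers are assumed.
!
! 1. Basic (standard) list: matches on the source network address only.
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny   any
!
! 2. Extended list: matches on protocol, source, destination and port.
!    Stateless: each packet is judged on its own. The "established"
!    keyword only tests the ACK/RST flag bits of a TCP segment; the
!    router keeps no record of which connections actually exist.
ip access-list extended INBOUND-STATELESS
 permit tcp any host 192.168.1.10 eq www
 permit tcp any 192.168.1.0 0.0.0.255 established
 deny   ip any any log
!
! 3. Reflexive list: an outbound session creates a temporary mirrored
!    entry ("pseudostate"); the entry is removed when the session ends
!    or when the timeout expires.
ip access-list extended OUTBOUND
 permit tcp 192.168.1.0 0.0.0.255 any reflect TCP-SESSIONS timeout 300
 permit udp 192.168.1.0 0.0.0.255 any reflect UDP-SESSIONS timeout 60
 permit ip any any
!
ip access-list extended INBOUND
 evaluate TCP-SESSIONS
 evaluate UDP-SESSIONS
 permit tcp any host 192.168.1.10 eq www
 deny   ip any any log
!
! Caveat from the text: a reflexive entry only mirrors the addresses and
! ports of the original session, so the separate data channel of a
! multichannel protocol such as active-mode FTP is not matched. CBAC,
! which inspects the application layer, is the tool for those cases.
!
interface Serial0
 ip access-group OUTBOUND out
 ip access-group INBOUND in
```

The `evaluate` lines must come before the final `deny`, since the list is processed top to bottom and the first match wins.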

Access control lists can be used to perform a significant number of functions in addition to security-related tasks, so the examples provided go beyond security. We will illustrate methods to control router table updates, limit the flow of traffic by time and day, and explore other techniques associated with the use of access control lists.

Book Preview

This section provides an overview of the focus of succeeding chapters. You can use the information in this section either by itself or in conjunction with the index to directly locate specific areas of interest. While the authors recommend that persons not familiar with the basics of IOS and use of access lists read the first few chapters in consecutive order, the last five chapters were developed as modular units focused on a single type of access list, so once you become familiar with the initial chapters, you can read the later chapters based on your need for information and examples concerning a particular type of access list.

Router Hardware and Software

The ability to code and apply an access list requires an understanding of Cisco router hardware and software. Knowledge of the hardware enables understanding how a router operates as well as methods to facilitate its configuration. Chapter 2 examines the basic hardware components of a...


Table of Contents

1. Working with the Command Interpreter
2. Basic Access Lists
3. Dynamic Access Lists
4. Time Based Access Lists
5. Reflexive Access Lists
6. Context Based Access Lists

Customer Reviews

Anonymous

Posted May 2, 2001

Finally! An easy-to-understand Cisco Router Field Guide

Whether you are a beginner, or an overworked Network Administrator like myself, this book does an amazing job of explaining Cisco Router concepts in a language that anyone can understand. I have held a CCNA certification for a couple of years now, but since I don't configure routers on a daily basis, I am rusty, and I usually find myself searching the net for help on commands and configurations. This book has made a big difference in my understanding of how routers work, and specifically, the practical configuration of Cisco IOS. Much more than a book on Access Lists like the title suggests, it is a very useful Field Manual and learning aid. I thoroughly recommend it!
