This chapter covers
- How access control lists filter packets by matching and acting on them
- Configuring standard numbered and named ACLs
- Applying ACLs to interfaces to filter inbound or outbound packets
By default, a Cisco router forwards any packet that has a matching route in its routing table. However, this default behavior may not align with an organization’s security needs. In many cases, access to specific resources—such as servers containing sensitive information—should be restricted to authorized individuals or devices.
In a networking role, it’s typically not your responsibility to define the security requirements of your organization—most organizations above a certain size will have a dedicated security team. However, it is your responsibility to build and maintain a network that meets your organization’s security requirements, and access control lists (ACLs) are an essential tool to help you achieve that goal. In this chapter, we’ll examine ACLs from the perspective of a network engineer who must fulfill such requirements: users in department A shouldn’t be able to access resources on server B, users in departments X and Y shouldn’t be able to communicate with each other over the network, etc.