is the same as described for an interface.
However, applying the ACL to a terminal line requires the access-class command instead of the access-group command.

The following should be considered when configuring access lists on vty lines:
- When controlling access to an interface, a name or number can be used.
- Only numbered access lists can be applied to virtual lines.
- Set identical restrictions on all the virtual terminal lines, because a user can attempt to connect to any of them.
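
As an added example (not part of the original course material), the following Python script audits a running-config excerpt against the vty considerations above: every vty line has an inbound access-class, the list is numbered, and all lines carry the same restriction. The sample configuration, ACL number 12 and the name MGMT are constructed for illustration.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
access-list 12 permit 192.168.10.0 0.0.0.255
line vty 0 2
 access-class 12 in
 login
line vty 3
 access-class MGMT in
 login
line vty 4
 login
"""

def vty_access_classes(config):
    """Map each vty line number to its inbound access-class (None if absent)."""
    lines, current = {}, []
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            current = list(range(first, last + 1))
            lines.update(dict.fromkeys(current))
        elif not raw.startswith(" "):
            current = []  # a new top-level command ends the vty block
        else:
            m = re.match(r"\s+access-class (\S+) in\s*$", raw)
            if m:
                lines.update(dict.fromkeys(current, m.group(1)))
    return lines

def audit_vty(config):
    """Check the vty considerations: ACL present, numbered, identical on all lines."""
    acls = vty_access_classes(config)
    findings = []
    for n, acl in sorted(acls.items()):
        if acl is None:
            findings.append(f"vty {n}: no inbound access-class")
        elif not acl.isdigit():
            findings.append(f"vty {n}: access-class '{acl}' is not numbered")
    if len(set(acls.values())) > 1:
        findings.append("vty lines do not share identical restrictions")
    return findings

if __name__ == "__main__":
    for finding in audit_vty(SAMPLE_CONFIG):
        print(finding)
```

A configuration that applies one numbered list to the whole range (for example `line vty 0 4` followed by `access-class 12 in`) produces no findings.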

Lab Activity

e-Lab Activity: Access Control Lists
In this lab, the students will practice using ACLs to filter IP traffic.

Web Links

Strategies & Issues: Ports of Entry - Routers in the Crosshairs
http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleId=8703354&classroom=

Content Summary

An understanding of the following key points should have been achieved:
- ACLs perform several functions within a router, including implementing security/access procedures.
- ACLs are used to control and manage traffic.
- For some protocols, two ACLs can be applied to an interface: one inbound ACL and one outbound ACL.
- With ACLs, after a packet is matched to an ACL statement, it can be denied or permitted access to the router.
- Wildcard mask bits use the number one (1) and the number zero (0) to identify how to treat the corresponding IP address bits.
- Access list creation and application is verified through the use of various IOS show commands.
- The two main types of ACLs are standard and extended.
- Named ACLs allow for the use of a name to identify the access list instead of a number.
- ACLs can be configured for all routed network protocols.
- ACLs are placed where they allow the most efficient control.
- ACLs are typically used in firewall routers.
- Access lists can also restrict virtual terminal access to the router.