As switched networks grow, it eventually becomes necessary to place routers in the network design. Although routers filter broadcasts by default, they also forward other types of IP traffic automatically.

Static routing tables and routing protocols tell the routers where to forward IP traffic. While using static routing tables and routing protocols to control traffic are possible, it is primarily their job to provide routes to and from networks—not to filter traffic. The job of filtering IP traffic is best performed by access lists.

There are two types of IP access lists: standard and extended. Let’s take a look at each type.

Standard IP access lists
Standard IP access lists use only the source address to control traffic. The source address can be specified by an IP address of a single workstation or an entire IP segment.

Once the source address has been identified, you can specify whether to permit or deny traffic from that source and apply this list to the router interface. Since standard IP access lists only filter traffic based on the source address; you must use extended IP access lists to gain more granular control over IP traffic.

Extended IP access lists
Extended IP access lists can filter traffic based on the following:

  • Source Address
  • Destination Address
  • Protocol
  • Port

Filtering traffic at this level can be handy when trying to implement common network solutions. For example, let’s say you have a group of users in accounting who must have HTTP access to an intranet server in the IS department, but they shouldn’t be able to connect to that server by any other protocol. Using extended IP access lists, you can specify that users on the accounting department subnet are permitted to connect to the intranet server using only HTTP and only on port 80.

Because of their flexibility and versatility, extended IP access lists are powerful tools that can help administrators manage traffic on their LANs more effectively.

For more information on how to create and implement IP access lists, check out CCIE Professional Development : Routing TCP/IP, Volume I , fro m Cisco Press.

Warren Heaton CCDA, CCNA, MCSE+I is the Cisco Program Manager for A Technological Advantage in Louisville, KY.

There’s no reason not to get exactly what you want from TechRepublic. By becoming a volunteer member of AdminRepublic’s Virtual Advisory Board, you can help guide our Web site by giving us your opinions on the topics and features you need as an elite member of the admin community.
Member responsibilities include:

  • Advising TechRepublic on topics of interest
  • Evaluating new features
  • Building the community to answer the concerns that you have

We are currently accepting applications for a limited number of openings. Don’t wait any longer; apply now by sending us an e-mail. We’ll send you an application and more information about our volunteer board.
This is an opportunity to play a pivotal role in creating something that will help propel you in your IT career. Plus it’s another great thing to add to your resume!