Cisco IOS access lists
Personal Author:
Sedayao, Jeff.
Publication Information:
Sebastopol, CA : O'Reilly & Associates, [2001]

Physical Description:
x, 260 pages : illustrations ; 24 cm
General Note:
Includes index.


Call Number:
TK5105.59 .S444 2001
Material Type:
Adult Non-Fiction
Home Location:
Central Closed Stacks


Cisco routers are used widely both on the Internet and in corporate intranets. At the same time, the Cisco Internet Operating System (IOS) has grown to be very large and complex, and Cisco documentation fills several volumes. Cisco IOS Access Lists focuses on a critical aspect of the Cisco IOS--access lists. Access lists are central to the task of securing routers and networks, and administrators cannot implement access control policies or traffic routing policies without them. Access lists are used to specify both the targets of network policies and the policies themselves. They specify packet filtering for firewalls all over the Internet. Cisco IOS Access Lists covers three critical areas:

Intranets. The book serves as an introduction and a reference for network engineers implementing routing policies within intranet networking.

Firewalls. The book is a supplement and companion reference to books such as Brent Chapman's Building Internet Firewalls. Packet filtering is an integral part of many firewall architectures, and Cisco IOS Access Lists describes common packet filtering tasks and provides a "bag of tricks" for firewall implementers.

The Internet. This book is also a guide to the complicated world of route maps. Route maps are an arcane BGP construct necessary to make high level routing work on the Internet.

Cisco IOS Access Lists differs from other Cisco router titles in that it focuses on practical instructions for setting router access policies. The details of interfaces and routing protocol settings are not discussed.

Author Notes

Jeff Sedayao is a network engineer with Intel Online Services, the web and application hosting division of Intel Corporation. From 1987 through 1999, he architected and maintained Intel's Internet connectivity, starting with a simple 2400-bps email link through CSNET and ending up with multiple sites connecting to the Internet with multiple ISPs at multi-megabit speeds. He has always been fascinated with policy and policy implementation, ranging from using Cisco IOS access lists for routing and firewall policies to sendmail configurations and address space design. As part of Intel Online Services, his main interests include network usage and performance issues, DNS and email implementation, and addressing and routing policy.

Table of Contents

Preface
1. Network Policies and Cisco Access Lists
  Policy sets
  The policy toolkit
2. Access List Basics
  Standard access lists
  Extended access lists
  More on matching
  Building and maintaining access lists
  Named access lists
3. Implementing Security Policies
  Router resource control
  Packet filtering and firewalls
  Alternatives to access lists
4. Implementing Routing Policies
  Fundamentals of route filtering
  Implementing routing modularity
  Implementing route preferences
  Alternatives to access lists
5. Debugging Access Lists
  Router resource access control lists
  Packet-filtering access control lists
  Route-filtering access control lists
6. Route Maps
  Other access list types
  Generic route map format
  Interior routing protocols and policy routing
  BGP
  Debugging route maps and BGP
7. Case Studies
  A WAN case study
  A firewall case study
  An Internet routing case study
A. Extended Access List Protocols and Qualifiers
B. Binary and Mask Tables
C. Common Application Ports
Index