CCNA的ACL讲解.pptVIP

Purpose: This figure illustrates common uses for IP access lists. Emphasize: While this chapter focuses on IP access lists, the concept of access lists as mechanisms to control traffic in a network applies to all protocols. Note: An improved security solution is the lock-and-key access feature, which is available only with IP extended access lists. Lock-and-key access allows you to set up dynamic access lists that grant access per user to a specific source/destination host through a user authentication process. You can allow user access through a firewall dynamically, without compromising security restrictions. Transition: The following figure is the first of a three-layer build that presents other uses of access lists specific to Cisco IOS? features. Layer 3 of 3 Purpose: This figure is the last layer of the build for other uses of access lists. Emphasize: Access lists are used to define input traffic for route filtering to restrict the contents of routing updates. Transition: The following figure is a two-layer build to show the difference between inbound and outbound access lists. Layer 3 of 3 Purpose: Describe an inbound versus outbound access list on an interface. Layer 3 of 3 Emphasize: Layer 3—Adds the Novell IPX access lists covered in Chapter 11, “Configuring Novell IPX,” and the number ranges for these types of access lists. As of Release 11.2.4(F), IPX also supports named access lists. Point out that number ranges generally allow 100 different access lists per type of protocol. When a given hundred-number range designates a standard access list, the rule is that the next hundred-number range is for extended access lists for that protocol. Exceptions to the numbering classification scheme include AppleTalk and DECnet, where the same number range can identify various access list types. For the most part, number ranges do not overlap between different protocols. Note: With Cisco IOS 12.0, the IP access-lists range has been expanded to also include: