Network security is a huge subject, and much of it is far beyond the scope of this course. However, one of the most important skills a network administrator needs is mastery of access control lists (ACLs).

Network designers use firewalls to protect networks from unauthorized use. Firewalls are hardware or software solutions that enforce network security policies. Consider a lock on a door to a room inside a building. The lock allows only authorized users with a key or access card to pass through the door. Similarly, a firewall filters unauthorized or potentially dangerous packets from entering the network. On a Cisco router, you can configure a simple firewall that provides basic traffic filtering capabilities using ACLs. Administrators use ACLs to stop traffic or permit only specified traffic on their networks.

An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols. ACLs provide a powerful way to control traffic into and out of a network. ACLs can be configured for all routed network protocols.
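The sequential, first-match nature of an ACL is what makes entry order matter, and it is the source of two classic mistakes: forgetting the implicit deny at the end of every list, and placing a broad statement ahead of a more specific one so the specific one can never fire. The following added example (written for this page, not Cisco's code) models a standard ACL in Python using the IOS address-plus-wildcard-mask convention, evaluates source addresses against it top to bottom, reports which entries are shadowed by earlier ones, and renders the list in IOS `access-list` syntax. The entries, list number and addresses are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    action: str     # "permit" or "deny"
    network: str    # dotted-quad address, as typed on an IOS router
    wildcard: str   # wildcard mask: 0 bits must match, 1 bits are "don't care"


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def _fixed_bits(entry):
    # Bits that the entry actually checks: the complement of the wildcard mask.
    return ~_to_int(entry.wildcard) & 0xFFFFFFFF


def entry_matches(entry, src):
    """IOS wildcard-mask test: every bit that is 0 in the wildcard must be equal."""
    return (_to_int(src) ^ _to_int(entry.network)) & _fixed_bits(entry) == 0


def evaluate(acl, src):
    """Walk the list top to bottom; the first matching entry decides.

    Returns (action, index). If nothing matches, the router applies the
    implicit 'deny any' at the end of every ACL, reported here as index None.
    """
    for index, entry in enumerate(acl):
        if entry_matches(entry, src):
            return entry.action, index
    return "deny", None


def shadowed_entries(acl):
    """Indexes of entries that can never match because an earlier entry covers them.

    An earlier entry covers a later one when the earlier entry checks only a
    subset of the bits the later one checks, and both agree on those bits.
    """
    shadowed = []
    for i, later in enumerate(acl):
        later_fixed = _fixed_bits(later)
        for earlier in acl[:i]:
            earlier_fixed = _fixed_bits(earlier)
            subset = earlier_fixed & ~later_fixed == 0
            agree = (_to_int(earlier.network) ^ _to_int(later.network)) & earlier_fixed == 0
            if subset and agree:
                shadowed.append(i)
                break
    return shadowed


def to_ios(acl, number):
    """Render the entries as numbered standard ACL lines in IOS syntax."""
    lines = []
    for entry in acl:
        if entry.wildcard == "0.0.0.0":
            lines.append(f"access-list {number} {entry.action} host {entry.network}")
        else:
            lines.append(f"access-list {number} {entry.action} {entry.network} {entry.wildcard}")
    return lines


# Constructed sample list: block one host, permit its subnet, then try to
# block a second host. The last entry is shadowed by the subnet permit.
SAMPLE_ACL = [
    AclEntry("deny", "192.168.10.10", "0.0.0.0"),
    AclEntry("permit", "192.168.10.0", "0.0.0.255"),
    AclEntry("deny", "192.168.10.20", "0.0.0.0"),
]

if __name__ == "__main__":
    print("\n".join(to_ios(SAMPLE_ACL, 10)))
    for src in ("192.168.10.10", "192.168.10.20", "10.0.0.1"):
        print(src, "->", evaluate(SAMPLE_ACL, src))
    print("shadowed entries:", shadowed_entries(SAMPLE_ACL))
```

Running the script shows that 192.168.10.20 is permitted by entry 1 even though entry 2 names it explicitly, that 10.0.0.1 is dropped by the implicit deny without matching any entry, and that `shadowed_entries` flags entry 2 so the misordering can be caught before the list is applied to an interface. The same evaluation model extends to extended ACLs by adding destination, protocol and port fields to the match.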

The most important reason to configure ACLs is to provide security for a network. This chapter explains how to use standard and extended ACLs on a Cisco router as part of a security solution. Included are tips, considerations, recommendations, and general guidelines on how to use ACLs.

This chapter includes an opportunity to develop your mastery of ACLs with a series of lessons, activities, and lab exercises.