Expert Reference Series of White Papers
Security is becoming more and more common in every environment, regardless of how big or small the network
happens to be. Whenever we think of security, the first thing that comes to mind is the implementation of
firewalls. What if firewalls are not available in your network? What if your firewalls are only meant for
connectivity from the outside world? Or, better yet, what if firewalls are controlled by different groups in your
organization, and you want to do something to protect your network internally between departments, and/or
your budget doesn’t allow you to get firewalls? Can you get somewhat similar functionality with your
The answer is yes. You can get limited security with access-lists on your routers. However, access-lists on
routers are in no way replacements for firewalls.
The capabilities of access-lists have evolved a lot since they were introduced in the early versions of Cisco IOS.
What you can and cannot do with access-lists varies between IOS releases. With the IOS Firewall Feature Set,
you can do more than what is discussed in this white paper. This paper gives you the basics of access-lists,
with implementation examples, as covered in the CCNA certifications. These CCNA-focused access-lists are for
the TCP/IP protocol only, even though access-lists can control other protocols such as IPX/SPX and AppleTalk.
Typically, when you think of access-lists, you think about permitting or denying certain types of traffic. You think
of protecting your network from being hacked. Well, that’s not the only use for access-lists. Access-lists have
many other purposes. For example, with an access-list, you can trigger your ISDN calls by marking what
interesting traffic will trigger the call. With access-lists, you can mark traffic from specific source and/or destination
addresses and prioritize that traffic over other traffic. With access-lists, you can a