10.1 Access Lists
10.1.5 Syntax for applying access lists

Access lists are applied to one or more
interfaces, and can filter inbound or outbound traffic. A good rule
to remember is that you can apply one access list per protocol, per
interface, per direction (in or out). Outbound access lists
require fewer CPU cycles than inbound lists and therefore are
preferred. A router with an outbound access list must switch every packet to an
outbound interface before checking against the list. This results in
a waste of processing resources if the packet ends up being denied.
To apply an access list to an interface, use the command syntax shown in the figure:

Router(config-if)#ip access-group access-list-number

Applying access lists to an interface is just one part of IP traffic management. The following section looks at other ways of applying access lists to implement security.
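The per-interface, per-direction rule described above can be checked mechanically before a configuration is deployed. The following is an added example, not part of the original course material: a Python audit of ip access-group lines in a saved configuration. The sample configuration, the function name audit_access_groups and the restriction to numbered lists followed by an in or out keyword are assumptions made for the illustration.

```python
import re

# Constructed sample configuration for this example (not from the original page).
SAMPLE_CONFIG = """\
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 20 deny 10.0.0.0 0.255.255.255
access-list 20 permit any
!
interface Ethernet0
 ip access-group 10 in
 ip access-group 20 out
!
interface Serial0
 ip access-group 30 in
!
interface Serial1
 ip address 172.16.1.1 255.255.255.0
"""

def audit_access_groups(config):
    """Map each interface to its IP access lists per direction and list findings."""
    defined = set(re.findall(r"^access-list (\d+) ", config, re.M))
    bindings, findings, iface = {}, [], None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            iface = m.group(1)
            bindings[iface] = {}          # also records interfaces with no list
            continue
        if not line.startswith(" "):
            iface = None                  # back at global configuration level
            continue
        m = re.match(r" +ip access-group (\d+) (in|out)\s*$", line)
        if not (m and iface):
            continue
        acl, direction = m.groups()
        if direction in bindings[iface]:  # breaks one list per interface, per direction
            findings.append(f"{iface}: more than one IP list applied {direction}")
        bindings[iface][direction] = acl
        if acl not in defined:
            findings.append(f"{iface}: list {acl} applied {direction} but not defined")
    for name, dirs in bindings.items():
        for direction in ("in", "out"):
            if direction not in dirs:
                findings.append(f"{name}: no IP list applied {direction}")
    return bindings, findings

if __name__ == "__main__":
    for finding in audit_access_groups(SAMPLE_CONFIG)[1]:
        print(finding)
```

An interface reported with no list in a given direction is not necessarily misconfigured; the finding only shows where traffic passes unfiltered so that the gap can be confirmed as intended.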