Preface
Building and maintaining a network involves more than just making sure that packets can
flow between devices on the network. As a network administrator, you also want to ensure
that only the right people can access resources on your network, and that your network will
continue to run even if parts of that network fail or are configured incorrectly. Your
organization may have directives that you need to implement, like using cheaper network
paths whenever possible. In short, while maintaining connectivity is important, you also need
to implement security, robustness, and business policies with your network.
This book is about network policies and how to implement those policies using Cisco IOS
access lists. I present a way to think about access lists and network policy, describe how
access lists are built, and give examples of how to apply those access lists in different
situations. Along the way, there are a number of sidebars and notes about concepts and
information important to using access lists, and at the end of the book, there are appendixes
with useful reference material.
A brief note about what I cover: the access lists in this book deal only with the Internet
Protocol (IP), though you could probably use many of the same techniques with other
network protocols as well. While all the examples involve Cisco IOS access lists, many of the
concepts are generic and can be applied to other router vendors' equipment. I've tried to make
the examples in this book applicable to as many IOS versions as possible; most examples
should work with Versions 10.* and above. If a feature is only available later or is known to
fail with certain platforms and versions, I try to point that out. Please note, also, that the terms
"access list" and "access control list" are used interchangeably throughout the book.
It is unfortunate that the general policy mechanism for Cisco routers is known as an access
list. The term access connotes that access lists apply only to the area of security, while in fact
access lists are used for a whole range of policies, not just for security concerns. I envision
this book as a guide and reference for implementing network policies with access lists on
Cisco routers.
Cisco IOS Access lists
Page 6
Organization
Chapter 1 motivates our discussion of access lists by giving examples of why you need to implement network policies. It then describes a framework for thinking about access lists and provides an idea of how we use access lists and the tools for implementing policy.
Chapter 2 describes access list fundamentals: the format of the basic types, masking, and ways to maintain access lists. It also discusses some tricks and traps of access lists (like the difference between network masks and access list masks), some common mistakes, and ways to reduce the number of access list entries and access list changes you may need to make.
Chapter 3 shows how to use access lists to implement security policies. It has examples of access lists that control access to router resources and to hosts, and discusses the tradeoffs of different kinds of access lists. The chapter includes explanations of how certain protocols work and ends with a discussion of access list alternatives.
Chapter 4 describes using access lists to control routing. Network administrators typically use access lists for routing to make sure that their networks are robust and to implement business policy decisions; I include a number of examples demonstrating these tasks.
Chapter 5 is about (what else?) debugging access lists. It first goes over how to check that your access lists are correct, and then shows what to do if you discover that they are wrong.
Chapter 6 describes more advanced forms of access lists, including community lists, AS path access lists, and route maps. The chapter goes over policy routing and ends with a discussion of using access lists and routes with BGP, the Border Gateway Protocol.
Chapter 7 concludes the book with some case studies of how different types and applications of access lists are used together in a variety of scenarios. There are three cases: an example of routers that connect sites within an organization, a firewall example, and a BGP routing example.
Appendix A has a number of tables listing keywords and qualifiers for extended access lists.
Appendix B contains a decimal/binary conversion chart and a table of prefix lengths and their corresponding network masks, access list masks, and valid networks.
Appendix C contains a table of commonly used application ports.
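The "network mask versus access list mask" trap mentioned for Chapter 2, and the prefix-length table described for Appendix B, can both be worked through with a few lines of code. The following Python script is an added example and is not from the book: it derives the network mask and the IOS wildcard (access list) mask from a prefix length, checks whether an address is a valid network for that prefix, applies wildcard-mask matching the way IOS does (a 1 bit in the wildcard means "don't care"), and flags an entry whose wildcard looks like a network mask typed by mistake. The function names and the sample addresses are constructed for the example.

```python
import ipaddress
from typing import Tuple

ALL_ONES = 0xFFFFFFFF


def prefix_to_masks(prefix_len: int) -> Tuple[str, str]:
    """Return (network mask, access-list wildcard mask) for a prefix length.

    The wildcard mask is simply the bitwise inverse of the network mask,
    which is the relationship the Appendix B style table encodes.
    """
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    net_mask = (ALL_ONES << (32 - prefix_len)) & ALL_ONES
    wildcard = net_mask ^ ALL_ONES
    return str(ipaddress.IPv4Address(net_mask)), str(ipaddress.IPv4Address(wildcard))


def is_valid_network(address: str, prefix_len: int) -> bool:
    """True when every host bit of the address is zero for this prefix length."""
    addr = int(ipaddress.IPv4Address(address))
    net_mask = (ALL_ONES << (32 - prefix_len)) & ALL_ONES
    return addr & net_mask == addr


def wildcard_matches(candidate: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 0 bit in the wildcard must match, a 1 bit is ignored."""
    c = int(ipaddress.IPv4Address(candidate))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = w ^ ALL_ONES  # bits the router actually compares
    return (c & care) == (b & care)


def looks_like_network_mask(wildcard: str) -> bool:
    """Flag a wildcard that is a contiguous run of 1s from the top (e.g. 255.255.255.0).

    Such a value is almost always a network mask pasted where a wildcard was
    expected. 0.0.0.0 and 255.255.255.255 are legitimate either way and are
    not flagged.
    """
    w = int(ipaddress.IPv4Address(wildcard))
    if w in (0, ALL_ONES):
        return False
    inverted = w ^ ALL_ONES
    return (inverted & (inverted + 1)) == 0  # inverse is of the form 2^k - 1


def audit_entry(base: str, wildcard: str) -> dict:
    """Summarise one 'permit BASE WILDCARD' style entry for review (constructed helper)."""
    return {
        "entry": f"{base} {wildcard}",
        "suspicious_mask": looks_like_network_mask(wildcard),
        "matches_intended_host": wildcard_matches("192.168.1.77", base, wildcard),
        "matches_foreign_host": wildcard_matches("10.20.30.0", base, wildcard),
    }


if __name__ == "__main__":
    print(prefix_to_masks(24), prefix_to_masks(19))
    # Correct entry for 192.168.1.0/24 versus the classic mistake of using the network mask.
    for wc in ("0.0.0.255", "255.255.255.0"):
        print(audit_entry("192.168.1.0", wc))
```

Running the script shows the point of the Chapter 2 discussion: with the wildcard 0.0.0.255 the entry covers the intended /24, while with 255.255.255.0 in the wildcard position the router only compares the last octet, so a host inside the subnet no longer matches and any address ending in .0 anywhere on the Internet does.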
Audience
This book is designed for network administrators and others who use Cisco routers to
implement policies, whether the policies are for security or to ensure that networks are robust.
Basic knowledge of Cisco routers and TCP/IP is assumed. Those who are relatively new to
using Cisco routers should start with Chapter 1 and work their way through Chapter 5.
Network administrators who need to implement policy-based routing using route maps,
whether with interior routing protocols or with BGP, should read Chapter 6. Chapter 7
contains case studies that readers may find useful.
Administrators who are experienced in using Cisco routers can use this book as a reference
for policy implementation, debugging, and access lists in general. Chapter 2 describes
masking techniques that may reduce access list sizes and reduce the number of necessary
changes. Chapter 3, Chapter 4, Chapter 6, and Chapter 7 have many examples of
implementing basic security, robustness, and business policies. Readers interested in
debugging access list problems should find Chapter 5 useful. The three appendixes contain
helpful reference tables of access list keywords, decimal to binary conversions, and masks
and ports that common applications use. Network administrators may find the table showing
network masks, access list masks, and valid networks for each possible prefix length
particularly useful.