cisco ios access-list  

Friday, March 27, 2009

o'reilly cisco ios access-list
------------------------------

chapter 1:
----------

Network policies and cisco access lists
---------------------------------------

The three concerns that motivate the need for access policies are:

> security
> robustness
> business drivers


1.1 policy sets :
-----------------

If you think about policies in general, every policy has two parts: "what" and "how".

> "what" describes the objects included in a policy
> "how" describes how those objects are affected by the policy

The "what" of the policy, the set of objects affected, is what we will call the 'policy
set'.


> policy sets are defined using a series of "policy set entries". These entries include or
exclude objects of interest from a policy set


1.1.1 characteristics of policy sets:
-------------------------------------

> we add each entry to the policy set in the order specified. This is important because
objects are compared sequentially against a policy set. As soon as an object matches a
policy set entry, no more matching is done

> enforcing policies takes up resources and has costs. The longer the policy set, the
longer it takes to enforce the policy and the more resources are required



1.1.2 Policy sets in networks:
------------------------------

> In network policies, policy sets are sets of the network objects that pass through or into
a router

> The three types of network objects that a router processes are:

host ip addresses
packets
routes

> policy sets of host ip addresses
> policy sets of packets
> complex policy sets

* The function of a Cisco access list is to hold the specification of a policy set

> access lists are built of access list entries, which directly correspond to policy set
entries
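
The first-match ordering from 1.1.1, applied to a policy set of host IP addresses, as an added example that is not from the book or these notes. It returns the decision together with the number of entries compared, so both the effect of ordering and the cost of a longer list are visible. Assumptions: the entry syntax (action, address, wildcard mask) follows Cisco standard access lists, the sample entries are constructed, and an address that matches no entry is excluded, as with the implicit deny at the end of a Cisco access list.

```python
import ipaddress

def parse_entry(line):
    """Parse 'permit|deny <address> <wildcard>' into (action, base, care_bits)."""
    action, addr, wildcard = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    base = int(ipaddress.IPv4Address(addr))
    # In a wildcard mask, 1 bits are "don't care"; invert it to get the bits compared.
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return action, base, care

def evaluate(entries, host):
    """Return (decision, entries_compared) for one host address."""
    ip = int(ipaddress.IPv4Address(host))
    for compared, (action, base, care) in enumerate(entries, start=1):
        if (ip ^ base) & care == 0:
            return action, compared      # first match wins, no more matching is done
    return "deny", len(entries)          # nothing matched: implicit deny

# Constructed sample policy sets: the same two entries in different order.
SPECIFIC_FIRST = [parse_entry(line) for line in (
    "deny 192.168.1.77 0.0.0.0",         # exclude one host
    "permit 192.168.1.0 0.0.0.255",      # include the rest of its subnet
)]
GENERAL_FIRST = list(reversed(SPECIFIC_FIRST))

if __name__ == "__main__":
    for name, acl in (("specific first", SPECIFIC_FIRST),
                      ("general first", GENERAL_FIRST)):
        for host in ("192.168.1.77", "192.168.1.10", "10.0.0.1"):
            print(name, host, evaluate(acl, host))
```

With the general entry first, the host-specific deny is never reached, so 192.168.1.77 is permitted.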



1.2 The policy toolkit
----------------------

> the "policy toolkit" is a set of four "tools" that are general techniques for manipulating
policy sets
> The policy tools fit into the "how" of the conceptual framework

There are 4 kinds of tools we can use with policy sets to implement network policy. These
tools control the following:

-> Router resources
-> Packets passing through the router
-> Routes accepted and distributed
-> Routes based on characteristics of those routes
