Tuesday, September 29, 2009

How Many Types of ACLs are there in Cisco's Big IOS Security World

A few days back I asked a question to a very confident CCNA Security guy... actually he just came to me before taking the CCNA Security exam and asked me... hey, why don't you ask me something related to Security, as I am feeling pretty confident that I know lots of security stuff now.

Hmmm... I said okay and just asked him the following question :-)

How many ACLs and Firewall features do we have in IOS related to Router Security?

He said... Standard ACL, Extended ACL, Named ACL, Reflexive ACL, CBAC & Zone Based Firewall.

Hmmm... his list looks interesting but still not complete... maybe it was not a true CCNA Security question, as I never took a look at its curriculum... Anyway, following is my list; see if I missed something. Feel free to drop an email to me if you have something to add to this list.

1. Standard ACL
2. Extended ACL
3. Named ACL
4. TCP Established ACL / Reflexive ACL
5. Turbo ACL
7. Zone Based Firewall
8. Time Based ACL
9. Dynamic ACL / Lock & Key ACL
10. Flexible Packet Matching ACL
11. ACL to prevent fragmented IP packets from reaching your application ports

Holy Cow...Did you ever think about that :-(

I must say even I still need to dig myself into which one takes precedence over the other when multiple types are configured together.

Some more ACL stuff in the coming days, along with the solution to my last ACL post...

Happy Studying...

Best Regards,
Deepak Arora
CCIE# XXXXX...Oops that number is still missing :-)
