Cisco Networking Academy Program CCNA 1 and 2 Companion Guide, Revised is the Cisco-approved textbook to use alongside version of the Cisco Networking Academy Program CCNA 1 and CCNA 2 web-based courses. The topics covered provide you with the necessary knowledge to begin your preparation for the CCNA certification exam (640-801, or 640-821 and 640-811) and to enter the field of network administration.

Objectives

Upon completion of this chapter, you will be able to:

- Understand the purpose of ACLs
- Describe how ACLs work
- Determine which wildcard mask should be used
- Describe and use standard ACLs, extended ACLs, and named ACLs
- Describe a simple firewall architecture

Chapter 20

Access Control Lists

In this chapter, you learn about using standard and extended access control lists (ACLs) as a means to control network traffic, and how ACLs are used as part of a security solution. In addition, this chapter includes tips, considerations, recommendations, and general guidelines on how to use ACLs, and includes the commands and configurations needed to create ACLs. Finally, this chapter provides examples of standard and extended ACLs and shows how to apply ACLs to router interfaces.

Please be sure to look at this chapter's associated e-Labs, Videos, and PhotoZooms that you will find on the CD-ROM accompanying this book. These CD elements are designed to supplement the material and reinforce the concepts introduced in this chapter.

ACL Overview

Network administrators must be capable of denying unwanted access to the network while allowing appropriate access. Although security tools such as passwords, callback equipment, and physical security devices are helpful, they often lack the flexibility of basic traffic filtering and the specific controls that most administrators prefer.
For example, a network administrator might want to allow users access to the Internet but might not want external users Telnetting into the LAN. Routers provide basic traffic-filtering capabilities, such as blocking Internet traffic, with access control lists (ACLs). An ACL is a sequential collection of permit or deny statements that apply to addresses or upper-layer .