Cisco routers are used widely both on the Internet and in corporate intranets. At the same time, the Cisco Internet Operating System (IOS) has grown to be very large and complex, and Cisco documentation fills several volumes.
Cisco IOS Access Lists focuses on a critical aspect of the Cisco IOS--access lists. Access lists are central to the task of securing routers and networks, and administrators cannot implement access control policies or traffic routing policies without them. Access lists are used to specify both the targets of network policies and the policies themselves. They specify packet filtering for firewalls all over the Internet.
Cisco IOS Access Lists covers three critical areas:
Intranets. The book serves as an introduction and a reference for network engineers implementing routing policies within intranet networking.
Firewalls. The book is a supplement and companion reference to books such as Brent Chapman's Building Internet Firewalls. Packet filtering is an integral part of many firewall architectures, and Cisco IOS Access Lists describes common packet filtering tasks and provides a "bag of tricks" for firewall implementers.
The Internet. This book is also a guide to the complicated world of route maps. Route maps are an arcane BGP construct necessary to make high level routing work on the Internet.
Cisco IOS Access Lists differs from other Cisco router titles in that it focuses on practical instructions for setting router access policies. The details of interfaces and routing protocol settings are not discussed.
Chapter 1 Network Policies and Cisco Access Lists
The policy toolkit
Chapter 2 Access List Basics
Standard access lists
Extended access lists
More on matching
Building and maintaining access lists
Named access lists
Chapter 3 Implementing Security Policies
Router resource control
Packet filtering and firewalls
Alternatives to access lists
Chapter 4 Implementing Routing Policies
Fundamentals of route filtering
Implementing routing modularity
Implementing route preferences
Alternatives to access lists
Chapter 5 Debugging Access Lists
Router resource access control lists
Packet-filtering access control lists
Route-filtering access control lists
Chapter 6 Route Maps
Other access list types
Generic route map format
Interior routing protocols and policy routing
Debugging route maps and BGP
Chapter 7 Case Studies
A WAN case study
A firewall case study
An Internet routing case study
Appendix Extended Access List Protocols and Qualifiers
Jeff Sedayao is a network engineer with Intel Online Services, the web and application hosting division of Intel Corporation. From 1987 through 1999, he architected and maintained Intel's Internet connectivity, starting with a simple 2400-bps email link through CSNET and ending up with multiple sites connecting to the Internet with multiple ISPs at multi-megabit speeds. He has always been fascinated with policy and policy implementation, ranging from using Cisco IOS access lists for routing and firewall policies to sendmail configurations and address space design. As part of Intel Online Services, his main interests include network usage and performance issues, DNS and email implementation, and addressing and routing policy.
Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The animal on the cover of Cisco IOS Access Lists is a burro. "Burro" is, more or less, just another word for donkey, but it is also used specifically to mean a type of small feral donkey found in the southwestern United States and in Mexico.
Donkeys (Equus asinus) are descended from the African wild ass. They stand three to five feet tall at the shoulder, have a short mane, tufted tail, and big ears, and live for about 25 years. They were domesticated over 5,000 years ago, and they are still often used as pack animals, due to their surefootedness on rough terrain. Donkeys can be mated with horses, but the offspring of these matings are usually sterile. A female donkey (called a jennet or jinny) mated with a male horse produces an animal called a hinny. The offspring of a male donkey (jackass) and a female horse is a mule.
The feral burros of the southwestern U.S. and Mexico are the descendants of escaped and freed pack animals. Some believe the large feral burro population is driving desert bighorn sheep into extinction, by competing with them--successfully, it would seem--for scarce desert resources.
Emily Quill was the production editor, Matt Hutchinson was the copyeditor, and Mary Anne Weeks Mayo was the proofreader for Cisco IOS Access Lists. Colleen Gorman and Catherine Morris performed quality control reviews, and Edith Shapiro provided production assistance. Lucie Haskins wrote the index.
Ellie Volckhausen designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from Old-Fashioned Animal Cuts. Emma Colby produced the cover layout with QuarkXPress 4.1 using Adobe's ITC Garamond font.
Melanie Wang designed the interior layout based on a series design by Nancy Priest. Anne-Marie Vaduva converted the files from Microsoft Word to FrameMaker 5.5.6 using tools created by Mike Sierra. The text and heading fonts are ITC Garamond Light and Garamond Book; the code font is Constant Willison. The illustrations that appear in the book were produced by Robert Romano and Jessamyn Read using Macromedia FreeHand 9 and Adobe Photoshop 6. This colophon was written by Leanne Soylemez.
Very disappointed in the number of errors in this book. I am certainly no Cisco or Access List expert but I couldn't believe the errors. Especially the appendix that I was going to use as a quick reference. Table B2 has many errors; lucky I noticed them before I started to use them. Maybe without all the errors it could have been a good book.
While I found the content to be good for a beginner level, the number of errors in the examples made it very hard to follow (especially for a beginner like me)! Even the list of standard subnets in the Appendix was wrong.
There are quite a few good concepts in the book related to the control of routing updates, but not much detail on other things. I would hope that the 2nd Edition would fix the many typos and include more concepts that people would be interested in.
While I feel that the book taught me the things that I bought it for, I do feel disappointed at having to pay $105 Australian for it.
Not bad in content but very poor editing. Examples are often confusing due to editing errors, like misnamed access lists, and reference to non-existent lists. Would be a good-to-average book if editing was up to par, but until the many errors in the examples are corrected, I can't recommend it.
After reading chapters one and two, I was more confused! The book is poorly written and very hard to understand. One example in particular is on page 23, about limit access to payroll. What does that mean? Are you partially denying access or are you partially permitting access? How do you do that? Hey access this, I'm returning your very badly written book.
I was disappointed. While basic ACLs are covered nicely the book lacks depth. If the intent was ACLs then where are ACLs like access-list 700 or 1100? If the intent was ACLs for router security then where's all the security info? If you want exact details see: http://nsa1.www.conxion.com - the NSA's Router Security Guide (free). Not enough of ACL troubleshooting, for example:
I did like the stuff on ACLs and routing. Nothing on IPsec, or protocols. Here's hoping the second edition will pick up where this left off. Good newbie book.