In this video demonstration, we show an example of writing IOS Access Control Lists (ACL's) on a home router. We use the revision control system (RCS) to maintain the master ACL file and push the ACL's to the router via TFTP. This is similar to many production networks, where maintaing comments and old revisions of ACL's is a requirement. We also show examples explaining the "don't care bit" format of IOS ACLs. Many network engineers mistakenly refer to the format as inverse-netmask, but that is incorrect.

PIXes, FWSMs, and ASA's use a netmask format for ACLs. It is vitally important not to make the mistake of accidentally pushing a netmask format ACL line to an IOS device. That sort of error could result in an unplanned hole in your firewall and a serious security incident.

Podden och tillhörande omslagsbild på den här sidan tillhör Darrell Root. Innehållet i podden är skapat av Darrell Root och inte av, eller tillsammans med, Poddtoppen.