Infrastructure ACLs

An infrastructure ACL (iACL) is typically an extended ACL applied inbound on the external interfaces of the routers at the outer edge of an enterprise network. Its primary purpose is to keep externally sourced malicious traffic away from the network infrastructure itself (the routers' own addresses) and out of the enterprise, while still letting legitimate traffic through. As an example, an infrastructure ACL could block packet fragments (non-initial fragments carry no Layer 4 header, so they cannot be filtered by port) while permitting packets exchanged with trusted Border Gateway Protocol (BGP) peers and management stations, and permitting transit traffic (that is, traffic whose source and destination are both off-net).
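The following Cisco IOS configuration is an added illustration of the structure just described; it is not the book's Example 16-2 and not taken from any production network. All addresses are assumed for the example and drawn from the RFC 5737 documentation ranges: 192.0.2.0/24 is the enterprise's internal infrastructure space (loopbacks and internal links, with 192.0.2.1 as the management loopback), 203.0.113.0/30 is the external peering link (our router at 203.0.113.2, the trusted upstream BGP peer at 203.0.113.1), and 198.51.100.10 is the management station. The ACL name, interface, and description are likewise hypothetical.

```cisco
! Added example: an infrastructure ACL applied inbound on the edge router's
! external interface. Addresses and names are assumed (see lead-in).
ip access-list extended IACL-EDGE-IN
 remark 1. Anti-spoofing: a packet arriving from outside must not claim an inside source
 deny   ip 192.0.2.0 0.0.0.255 any
 remark 2. Non-initial fragments carry no Layer 4 header. IOS treats a port-based
 remark    permit entry as matching such fragments, so they must be dropped here,
 remark    before any of the port-based permits below are evaluated.
 deny   tcp any any fragments
 deny   udp any any fragments
 deny   icmp any any fragments
 deny   ip any any fragments
 remark 3. Traffic that legitimately targets the infrastructure itself
 permit tcp host 203.0.113.1 host 203.0.113.2 eq bgp
 permit tcp host 203.0.113.1 eq bgp host 203.0.113.2
 permit tcp host 198.51.100.10 host 192.0.2.1 eq 22
 permit udp host 198.51.100.10 host 192.0.2.1 eq snmp
 permit icmp any 192.0.2.0 0.0.0.255 echo
 permit icmp any host 203.0.113.2 echo
 remark 4. Everything else aimed at an infrastructure address is dropped
 deny   ip any 192.0.2.0 0.0.0.255
 deny   ip any host 203.0.113.2
 remark 5. Transit traffic (source and destination both off-net) passes
 permit ip any any
!
interface GigabitEthernet0/0
 description Uplink to upstream provider
 ip address 203.0.113.2 255.255.255.252
 ip access-group IACL-EDGE-IN in
```

Two checks are worth making after applying an ACL like this. First, `show ip access-lists IACL-EDGE-IN` shows a per-entry match counter; the BGP and management entries should accumulate hits and the deny entries in step 4 show what the ACL is actually stopping. Second, `show ip interface GigabitEthernet0/0` confirms the ACL is bound in the inbound direction. Because IOS evaluates entries top-down with first match winning, the final `permit ip any any` shadows the implicit deny, so the explicit denies in step 4 are the only thing protecting infrastructure addresses: any new loopback or internal link that is not covered there is exposed to the Internet by step 5. Adding `log` to the step 4 denies is useful while tuning the list, but logged packets are punted to the route processor, so it should not be left on permanently at an Internet edge.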

Although the specific elements present in an infrastructure ACL can vary widely from network to network, Example 16-2 shows a sample infrastructure ACL configuration.

Example 16-2 Sample Infrastructure ACL
