Filter
Top Products
Configuring IP Services
Filtering IP Packets Using Access Lists
IPC-87
Cisco IOS IP Configuration Guide
When configuring your key chains and keys, be aware of the following guidelines:
• The key chain configured for the DRP Server Agent in Step 1 must match the key chain in Step 2.
• The key configured in the primary agent in the remote router must match the key configured in the
DRP Server Agent in order for responses to be processed.
• You can configure multiple keys with lifetimes, and the software will rotate through them.
• If authentication is enabled and multiple keys on the key chain happen to be active based on the
send-lifetime values, the software uses only the first key it encounters for authentication.
• Use the show key chain command to display key chain information.
Note To configure lifetimes for DRP authentication, you must configure time services for your router. For
information on setting time services, see the Network Time Protocol (NTP) and calendar commands
in the “Performing Basic System Management” chapter of the Cisco IOS Configuration
Fundamentals Configuration Guide.
Filtering IP Packets Using Access Lists
Packet filtering helps control packet movement through the network. Such control can help limit network
traffic and restrict network use by certain users or devices. To permit or deny packets from crossing
specified interfaces, we provide access lists.
You can use access lists in the following ways:
• To control the transmission of packets on an interface
• To control vty access
• To restrict contents of routing updates
This section summarizes how to create IP access lists and how to apply them.
See the “IP Services Configuration Examples” section at the end of this chapter for examples of
configuring IP access lists.
An access list is a sequential collection of permit and deny conditions that apply to IP addresses. The
Cisco IOS software tests addresses against the conditions in an access list one by one. The first match
determines whether the software accepts or rejects the address. Because the software stops testing
conditions after the first match, the order of the conditions is critical. If no conditions match, the
software rejects the address.
The two main tasks involved in using access lists are as follows:
1. Create an access list by specifying an access list number or name and access conditions.
Step 4
Router(config-keychain-key)# key-string text
In key-chain key configuration mode, identifies the key
string.
Step 5
Router(config-keychain-key)# accept-lifetime
start-time {infinite | end-time | duration
seconds}
(Optional) Specifies the time period during which the key
can be received.
Step 6
Router(config-keychain-key)# send-lifetime
start-time {infinite | end-time | duration
seconds}
(Optional) Specifies the time period during which the key
can be sent.
Command Purpose