UKUUG

(the UK's Unix & Open Systems User Group)

Cisco IOS Access Lists
Jeff Sedayao
Published by O'Reilly and Associates
ISBN: 1-56592-385-5
260 pages
£39.95
Published: 22nd June 2001
reviewed by Raza Rizvi
   in the December 2001 issue

Access lists are by their nature both important and somewhat dull to read about. This book certainly does nothing to improve the latter, with reader concentration being required right from the start. There are a number of occasions when concepts are suddenly introduced without explanation, or with explanation occurring later on in the text, e.g. Metrics, and the application of Access Lists to an interface. Even global configuration mode doesn't feature until page 41, and given that this book will surely be used by novice IOS engineers, it would not have been indulgent to explain that a `?' will invoke the IOS help feature!

Certain very useful concepts seem to feature in a throwaway fashion, with very little time spent on them -- the most notable early one being named access lists, which scrapes by with only 1 page.

There are some good tips included within the book, often highlighted or picked out from the main text, for example, the `IOS feature' which corrects an entered IP address supplied with a mask and stores instead the start address of the network block. This can be hard to understand, and dangerous in a configuration, unless you understand that it occurs.

Within chapter three, there is a good walkthrough of a setup of access lists for a public-facing web server, followed by a description of inbound access lists, which of course have already been described -- a situation which is only saved by contrasting their use with outbound access lists, together with a well crafted piece on reflexive access lists. This access list type opens inbound holes for valid outbound traffic, akin to a poor man's stateful inspection firewall.

Chapter 4 is devoted entirely to the use of access lists in route filtering, a tricky subject, and one prone to error in the real world. The examples are accurate but this is a very unusual mechanism for manipulating routes, and to his credit the author does end the chapter with alternative mechanisms for route selection, although without the emphasis they would have received in a general purpose routing volume.

A good chapter on access list debugging is followed by a useful chapter on route maps, with internal routing protocols but in particular with those associated with BGP. Examples are based on weights, Multi-Exit Discriminators (MEDs), and communities, with the debugging theme returning towards the end of this chapter (chapter 6), again dealing with BGP.

The final chapter is a set of three case studies, based on a multi-site WAN, a firewall, and Internet routing. All come with detailed topology maps and IOS config dumps.

The latter chapters save this book, although it does strike me that it may perhaps have been a long time in development and then was rushed out to appear alongside the other recent access list titles. There is too little time spent on IOS features of recent years (named access lists), and there are completely missing areas (remark options, time based access lists, context based access lists, IPSEC, and queuing). Even the 'burro' on the front cover looks reminiscent of an earlier Cisco based O'Reilly publication!

So in conclusion, one for IOS buffs only, as an adjunct to other texts, and for the case study material.

Page last modified 03 Apr 2007
Copyright © 1995-2011 UKUUG Ltd.