
When implementing [Infrastructure ACLs](/infrastructure-acls-etymology), it’s important to determine the direction of traffic filtering—whether inbound or outbound—based on specific security goals. For instance, infrastructure ACLs designed to prevent various incoming [ICMP](/icmp) message types would typically be applied inbound on the Internet-facing interface to protect edge routers by dropping incoming [ping](/ping) requests, and ensuring that such traffic doesn’t propagate beyond intended destinations within the network. Customizing these [ACLs](/access-list-acl) based on specific network architecture and security requirements is crucial to maintaining robust network security.

## Links

https://networklessons.com/security/infrastructure-access-list

Infrastructure ACLs Application Best Practices

IPv4 Private IP address ranges

IPv4 Subnetting invalid entry causing network address of zero

IPv4 header length field

IPv4 network and broadcast addresses

IPv4 point to point addresses

IPv4

IPv6 - ACLs, RAs, and RSes

IPv6 - DHCPv6

IPv6 - EUI-64 best practice

IPv6 - IPv4-mapped IPv6 address

IPv6 - NDP Neighbor Discovery Process

IPv6 - NDP preferred and valid lifetimes

IPv6 - Network and Interface Identifiers

IPv6 - Prefix Length used for SLAAC

IPv6 - RA suppression command

IPv6 - SLAAC

IPv6 - Site Local addresses

IPv6 - Unique Local addresses

IPv6 - Valid and Preferred Addresses

IPv6 - destination guard

IPv6 - enabling on a shutdown interface

IPv6 - ipv6 nd prefix command

IPv6 - loopback address

IPv6 - prefix length

IPv6 - understanding how to enable IPv6 functionality and routing on an IOS device

IPv6 EIGRP static neighbors

IPv6 EUI-64 host address configuration method

IPv6 Neighbor Discovery Protocol Extensions

IPv6 computing a global unicast address

IPv6 first hop security features on CML

IPv6 global unicast address

IPv6 link-local address

IPv6 minimum and maximum prefix lengths

IPv6 mobility features

IPv6 simplicity and complexity of various prefix values

IPv6 stateless DHCP active clients equals zero

IPv6 transition technologies

IPv6

IS-IS - Maximum composite metrics

IS-IS - attached bit

IS-IS - route filtering

IS-IS - up-down bit

IS-IS multitopology support

IS-IS

ISDN

ISIS circuit-type command

ISP Peering

ISPs, tiers, transiting, and the Internet

Importance of self-study for CCIE or CCDE

Infrastructure ACLs Etymology

Interface - configuring a range of interfaces

Interface - no carrier counter

Interface - show interfaces counters explained

Interface - unknown protocol drops

Interface MTU and Frame Handling

Interface speed and bandwidth

Interior Gateway Protocol (IGP)

Internet Exchange Point (IXP)

Internet Service Provider (ISP)

Intrusion prevention system (IPS)

Kron task scheduler

L2 LISP for Data Center Mobility

L2TPv3 over IPSec

L2TPv3

LACP

LAG - Multi-Chassis LAG

LAG Support in IOS-XR

LFA - Topology Independent LFA

LFA, remote LFA, and how they work together in OSPF

LISP - map request and reply process

LISP - what is it

LISP and overlapping address spaces

LISP debug traffic between two EIDs

LISP host mobility use cases

LISP where EID-to-RLOC mappings originate

LISP

Layer 2 (L2) LISP

Layer 2 network

Link State Routing Protocols

Linux - Line continuation character backslash

Local Proxy ARP

Loop-Free Alternate (LFA) Fast Reroute (FRR)

Loop-Free Alternate (LFA) and remote LFA

Loop-free Network Design and FHRP Protocols

Loop-free layer 2 network design

Loops in layers 2 and 3

MAC - changing the MAC address on a switchport

MAC Access List EtherType

MAC Access List

MAC Address Table - Static assignment use cases

MAC address flapping

MAC address of all zeros

MAC address table - Switches maintain one table per VLAN

MAC address table - multiple entries of the same MAC address

MAC address table - multiple static entries

MAC address table - show command on Nexus device

MAC address table - static entry

MAC address table populated using source address field