The Cisco router can protect an entire network from a single location, and provides strong security filtering through the use of access control lists. Access control lists filter up to the host-to-host layer of the TCP/IP model.

This filtering includes the following:

  • IP addresses
  • protocols
  • port numbers
  • header flags

The router will not filter at the application layer. The IOS supports filtering of additional protocols as well, like IPX, AppleTalk, and others.