Access List in 21 Days Essay

13662 Words Sep 7th, 2012 55 Pages
Access Lists Workbook
Version 1.0
Instructor’s Edition

Access-List Numbers
IP Standard; IP Extended; Ethernet Type Code; Ethernet Address; DECnet and Extended DECnet; XNS; Extended XNS; Appletalk; 48-bit MAC Addresses; IPX Standard; IPX Extended; IPX SAP (service advertisement protocol); IPX SAP SPX; Extended 48-bit MAC Addresses; IPX NLSP; IP Standard, expanded range; IP Extended, expanded range; SS7 (voice); Standard Vines; Extended Vines; Simple Vines; Transparent bridging (protocol type); Transparent bridging (vendor type); Extended Transparent bridging; Source-route bridging (protocol type); Source-route bridging (vendor type)
1 100 200 700 300

...must be configured on your router before you can deny packets.
...can be written for all supported routed protocols; but each routed protocol must have a different ACL for each interface.
...must be applied to an interface to work.

How routers use Access Lists
(Outbound Port - Default) The router checks to see if the packet is routable. If it is, it looks up the route in its routing table. The router then checks for an ACL on that outbound interface. If there is no ACL, the router switches the packet out that interface to its destination. If there is an ACL, the router checks the packet against the access list statements sequentially and permits or denies the packet according to the first statement it matches. If the packet does not match any statement written in the ACL, it is denied, because there is an implicit “deny any” statement at the end of every ACL.

Standard Access Lists
Standard Access Lists...
...are numbered from 1 to 99.
...filter (permit or deny) only source addresses.
...do not have any destination information, so they must be placed as close to the destination as possible.
...work at layer 3 of the OSI model.
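
The sequential matching and the implicit “deny any” described above can be modelled in a few lines. This is an added example, not part of the workbook: the function names and the sample ACL are constructed for illustration, and the statements use the Cisco IOS standard ACL form (access-list number, permit or deny, source, wildcard mask), which this excerpt names but does not show.

```python
import ipaddress

# Constructed sample ACL: block one host, allow the rest of its subnet.
SAMPLE_ACL = """\
access-list 10 deny 192.168.1.5 0.0.0.0
access-list 10 permit 192.168.1.0 0.0.0.255
"""

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(config):
    """Return [(number, action, source, wildcard)] in configuration order."""
    entries = []
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL statement: {line!r}")
        number, action, rest = int(tok[1]), tok[2], tok[3:]
        if not 1 <= number <= 99:
            raise ValueError(f"standard ACLs are numbered 1 to 99: {line!r}")
        if rest == ["any"]:                      # 'any' matches every source address
            source, wildcard = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host" and len(rest) == 2:
            source, wildcard = rest[1], "0.0.0.0"
        else:                                    # an omitted wildcard means an exact host
            source, wildcard = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((number, action, _to_int(source), _to_int(wildcard)))
    return entries

def evaluate(entries, number, src_ip):
    """Return (action, index of the matching statement); index is None for the implicit deny."""
    src = _to_int(src_ip)
    acl = [e for e in entries if e[0] == number]
    for index, (_, action, source, wildcard) in enumerate(acl):
        care = ~wildcard & 0xFFFFFFFF            # wildcard 1-bits are ignored in the comparison
        if src & care == source & care:
            return action, index                 # first match wins; later statements are not read
    return "deny", None                          # implicit "deny any" at the end of every ACL

if __name__ == "__main__":
    acl = parse_standard_acl(SAMPLE_ACL)
    for ip in ("192.168.1.5", "192.168.1.77", "10.0.0.1"):
        print(ip, evaluate(acl, 10, ip))
```

Swapping the two statements in the sample lets 192.168.1.5 through, because the subnet permit then matches before the host deny is ever read.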

Why standard ACLs are placed close to the destination.
If you want to block traffic from Juan’s computer from reaching Janet’s computer with a standard access list, you would place the ACL close to the destination on Router D, interface E0. Since it’s using only the source address to permit or deny packets, the ACL here will not affect packets reaching
