08-08-2012, 05:04 PM
Managing Traffic with
Access Lists
[attachment=30667]
There are a few important rules
It’s always compared with each line of the access list in sequential order
It’s compared with lines of the access list only until a match is made.
There is an implicit “deny” at the end of each access list—this means that if a packet doesn’t match the condition on any of the lines in the access list, the packet will be discarded.
two main types of access lists:
Standard access lists
These use only the source IP address in an IP packet as the condition test.All decisions are made based on source IP address. This means that standard access lists basically permit or deny an entire suite of protocols. They don’t distinguish between any of the many types of IP traffic such as WWW, Telnet, UDP, etc.
Extended access lists
Extended access lists can evaluate many of the other fields in the layer 3 and layer 4 headers of an IP packet.
They can evaluate source and destination IP addresses, the protocol field in the Network layer header, and
port number at the Transport layer header. This gives extended access lists the ability to make much more granular decisions when controlling traffic.
Outbound access lists
When an access list is applied to outbound packets on an interface,those packets are routed to the outbound interface and then processed through the access list before being queued.
[attachment=30667]
There are a few important rules
It’s always compared with each line of the access list in sequential order
It’s compared with lines of the access list only until a match is made.
There is an implicit “deny” at the end of each access list—this means that if a packet doesn’t match the condition on any of the lines in the access list, the packet will be discarded.
two main types of access lists:
Standard access lists
These use only the source IP address in an IP packet as the condition test.All decisions are made based on source IP address. This means that standard access lists basically permit or deny an entire suite of protocols. They don’t distinguish between any of the many types of IP traffic such as WWW, Telnet, UDP, etc.
Extended access lists
Extended access lists can evaluate many of the other fields in the layer 3 and layer 4 headers of an IP packet.
They can evaluate source and destination IP addresses, the protocol field in the Network layer header, and
port number at the Transport layer header. This gives extended access lists the ability to make much more granular decisions when controlling traffic.
Outbound access lists
When an access list is applied to outbound packets on an interface,those packets are routed to the outbound interface and then processed through the access list before being queued.