Cisco IOS has two types of access lists:
1. Standard access-list
2. Extended access-list
Standard access list numbers range from 1 to 99, while extended access list numbers range from 100 to 199. In newer IOS releases you may also give an extended access list a string name. From Cisco IOS Software Release 12.0.1 onwards, standard ACLs can also use the additional number range 1300 to 1999 and extended ACLs the additional range 2000 to 2699.
A standard access list only lets you permit or deny traffic from a specific network or host. The destination of the packet and the ports involved do not matter: standard ACLs filter traffic solely by comparing the source address of each IP packet with the addresses configured in the ACL. Example:
access-list 10 permit 192.168.3.0 0.0.0.255
An extended IP access list builds a packet-filtering firewall: this is where you specify the allowed destinations of each packet from an allowed source. Extended ACLs let you permit or deny traffic from specific source IP addresses to a specific destination IP address and port, and let you specify different types of traffic such as ICMP, TCP, UDP, etc. They are very granular and allow you to be very specific. Example:
access-list 101 permit tcp 63.36.9.0 0.0.0.255 any eq 80
access-list 102 permit tcp any 63.36.9.0 0.0.0.255 established
After the ACL is defined, it must be applied to an appropriate interface, inbound or outbound, for the desired effect. This is done with the ip access-group command in interface configuration mode. Example:
ip access-group 101 out
ip access-group 102 in
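As an added example (not code from the original post or from Cisco), the following Python models how the three access-list lines above are matched against packets: wildcard-mask comparison, source-only matching for a standard list, protocol, destination and port matching for an extended list, the established keyword (which matches only TCP segments with ACK or RST set, i.e. replies to connections opened from the inside), and the first-match rule with the implicit deny that ends every Cisco ACL. The Packet class, the sample addresses 198.51.100.9 and 63.36.9.5, and the dictionary standing in for the two ip access-group commands are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed sample configuration: the access-list lines quoted in the post.
# This models the matching logic only; no router or real traffic is involved.
CONFIG = """
access-list 10 permit 192.168.3.0 0.0.0.255
access-list 101 permit tcp 63.36.9.0 0.0.0.255 any eq 80
access-list 102 permit tcp any 63.36.9.0 0.0.0.255 established
"""

@dataclass
class Entry:
    number: int
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: Callable[[str], bool]
    dst: Callable[[str], bool]
    dport: Optional[int]          # only "eq <port>" on the destination is modelled
    established: bool             # TCP segments with ACK or RST set (reply traffic)

@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0
    ack: bool = False             # True for a segment of an existing connection

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    # Cisco wildcard mask: a 0 bit must match, a 1 bit is "don't care".
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    return (a & care) == (n & care)

def parse_addr(tokens: List[str], i: int):
    # Accepts "any", "host A.B.C.D" or "A.B.C.D WILDCARD" at tokens[i] and
    # returns (matcher, index of the next unparsed token).
    if tokens[i] == "any":
        return (lambda a: True), i + 1
    if tokens[i] == "host":
        host = tokens[i + 1]
        return (lambda a: a == host), i + 2
    net, wc = tokens[i], tokens[i + 1]
    return (lambda a: wildcard_match(a, net, wc)), i + 2

def parse_entry(line: str) -> Entry:
    t = line.split()
    number, action = int(t[1]), t[2]
    if 1 <= number <= 99 or 1300 <= number <= 1999:     # standard ACL: source only
        src, _ = parse_addr(t, 3)
        return Entry(number, action, "ip", src, lambda a: True, None, False)
    proto = t[3]                                         # extended ACL
    src, i = parse_addr(t, 4)
    dst, i = parse_addr(t, i)
    dport, established = None, False
    while i < len(t):                                    # trailing options
        if t[i] == "eq":
            dport, i = int(t[i + 1]), i + 2
        elif t[i] == "established":
            established, i = True, i + 1
        else:
            i += 1                                       # e.g. "log"
    return Entry(number, action, proto, src, dst, dport, established)

def parse_config(text: str) -> dict:
    acls: dict = {}
    for line in text.splitlines():
        if line.startswith("access-list"):
            e = parse_entry(line)
            acls.setdefault(e.number, []).append(e)
    return acls

def matches(e: Entry, pkt: Packet) -> bool:
    return (e.proto in ("ip", pkt.proto)
            and e.src(pkt.src) and e.dst(pkt.dst)
            and (e.dport is None or pkt.dport == e.dport)
            and (not e.established or (pkt.proto == "tcp" and pkt.ack)))

def evaluate(acl: List[Entry], pkt: Packet) -> str:
    # Entries are checked in order and the first match wins; every Cisco ACL
    # ends with an implicit "deny" that drops whatever no entry permitted.
    for e in acl:
        if matches(e, pkt):
            return e.action
    return "deny"

ACLS = parse_config(CONFIG)
# Stands in for "ip access-group 101 out" / "ip access-group 102 in" on one interface.
IP_ACCESS_GROUP = {"out": ACLS[101], "in": ACLS[102]}

def interface_filter(direction: str, pkt: Packet) -> str:
    return evaluate(IP_ACCESS_GROUP[direction], pkt)

if __name__ == "__main__":
    print(interface_filter("out", Packet("63.36.9.5", "198.51.100.9", dport=80)))              # permit
    print(interface_filter("in", Packet("198.51.100.9", "63.36.9.5", dport=51000, ack=True)))  # permit
    print(interface_filter("in", Packet("198.51.100.9", "63.36.9.5", dport=22)))               # deny
```

The last two calls show why the established keyword matters: a reply segment to a connection that an inside host opened is permitted inbound, while a fresh inbound connection attempt to the same host carries no ACK and falls through to the implicit deny.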
References:
1. http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
2. http://www.networkclue.com/routing/Cisco/access-lists/index.aspx