This section compares IPv4 standard and extended ACLs.

The previous sections describe the purpose of ACLs as well as guidelines for ACL creation. This section covers standard and extended ACLs and named and numbered ACLs, and it provides examples of placement of these ACLs.

Standard ACLs: These ACLs permit or deny packets based only on the source IPv4 address.

Extended ACLs: These ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports, and more.

For example, Example 4-3 shows how to create a standard ACL. In this example, ACL 10 permits hosts on the source network 192.168.10.0/24. Because of the implied “deny any” at the end, all traffic except for traffic coming from the 192.168.10.0/24 network is blocked with this ACL.

In Example 4-4, the extended ACL 100 permits traffic originating from any host on the 192.168.10.0/24 network to any IPv4 network if the destination host port is 80 (HTTP).

Example 4-4 Extended ACL Example

R1(config)# access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq www

Notice that the standard ACL 10 is only capable of filtering by source address, while the extended ACL 100 is filtering on the source and destination Layer 3 and Layer 4 protocol (for example, TCP) information.

Full IPv4 ACL configuration is discussed in Chapter 5, “ACLs for IPv4 Configuration.”

Numbered and Named ACLs (4.4.2)

For IPv4, there are both numbered and named ACLs.

Numbered ACLs

ACLs 1 to 99 and 1300 to 1999 are standard ACLs, while ACLs 100 to 199 and 2000 to 2699 are extended ACLs, as shown in Example 4-5.
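The difference between ACL 10 and ACL 100 described above can be checked by evaluating the same packets against both. The following Python model is an added example, not part of the original text or of Cisco IOS; the `access-list 10` line is the assumed form of Example 4-3 (which is not reproduced on this page), and the packets and helper names are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # Wildcard-mask bits set to 1 are ignored; bits set to 0 must match.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# Constructed model of the two ACLs discussed in the text.
# ACL 10  (standard, assumed): access-list 10 permit 192.168.10.0 0.0.0.255
# ACL 100 (extended, Example 4-4): access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq www
ANY = ("0.0.0.0", "255.255.255.255")
ACLS = {
    10: [{"action": "permit", "src": ("192.168.10.0", "0.0.0.255")}],
    100: [{"action": "permit", "proto": "tcp",
           "src": ("192.168.10.0", "0.0.0.255"), "dst": ANY, "dport": 80}],
}

def evaluate(acl_id, pkt):
    """Return 'permit' or 'deny' for pkt; the first matching entry wins."""
    for ace in ACLS[acl_id]:
        if not wild_match(pkt["src"], *ace["src"]):
            continue
        # Standard entries carry only a source; extended entries add these fields.
        if "proto" in ace and ace["proto"] != pkt["proto"]:
            continue
        if "dst" in ace and not wild_match(pkt["dst"], *ace["dst"]):
            continue
        if "dport" in ace and ace["dport"] != pkt.get("dport"):
            continue
        return ace["action"]
    return "deny"  # the implied "deny any" at the end of every ACL

# Constructed sample packets (documentation address used as the destination).
PACKETS = [
    {"src": "192.168.10.25", "dst": "203.0.113.5", "proto": "tcp", "dport": 80},
    {"src": "192.168.10.25", "dst": "203.0.113.5", "proto": "tcp", "dport": 22},
    {"src": "192.168.11.25", "dst": "203.0.113.5", "proto": "tcp", "dport": 80},
]

def compare():
    """Return (ACL 10 verdict, ACL 100 verdict) for each sample packet."""
    return [(evaluate(10, p), evaluate(100, p)) for p in PACKETS]

if __name__ == "__main__":
    for p, (std, ext) in zip(PACKETS, compare()):
        print(p["src"], p["proto"], p["dport"], "ACL 10:", std, "ACL 100:", ext)
```

The second packet is the one to watch: the standard ACL permits SSH from the 192.168.10.0/24 network because it never looks past the source address, while the extended ACL drops it through the implied deny.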