Bogdan Doinea
Technical Manager Europe Central
&RCIS
bdoinea@cisco.com
Numbered ACLs
Standard
Use only layer 3 source addresses
access-list 10 permit 192.168.146.0 0.0.1.255
Extended
Can filter using Layer 3/4 information and by source/destination addresses
access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet
Limitations?
When editing, we can only add statements to the end of the ACL
Cisco Confidential
ip access-list extended in_to_out
permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet log
deny ip any any
All ACLs have an implicit, invisible deny statement at the end
ONLY if they have at least one statement
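The standard ACL shown earlier, evaluated the way the slides describe: wildcard-mask matching on the source address, first match wins, and an implicit deny at the end only when the list has at least one statement. This is an added example, not part of the original slides; the function names and the test addresses are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    to_int = lambda s: int(ipaddress.IPv4Address(s))
    care = ~to_int(wildcard) & 0xFFFFFFFF          # bits that must be equal
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SOURCE' into (action, base, wildcard)."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a numbered standard ACL line: {line!r}")
        src = tok[3:]
        if src[0] == "any":
            base, wc = "0.0.0.0", "255.255.255.255"
        elif src[0] == "host":
            if len(src) < 2:
                raise ValueError(f"'host' needs an address: {line!r}")
            base, wc = src[1], "0.0.0.0"
        else:
            # A bare address with no wildcard is treated as a single host.
            base, wc = src[0], (src[1] if len(src) > 1 else "0.0.0.0")
        ipaddress.IPv4Address(base)                 # raises ValueError if malformed
        ipaddress.IPv4Address(wc)
        entries.append((tok[2], base, wc))
    return entries

def evaluate(entries, src_addr):
    """Return 'permit' or 'deny' for a packet with the given source address."""
    if not entries:
        return "permit"   # empty ACL: no implicit deny, as the slide states
    for action, base, wc in entries:
        if wildcard_match(src_addr, base, wc):
            return action  # first matching statement decides
    return "deny"          # implicit, invisible deny at the end

# The standard ACL from the slide; the source addresses below are constructed.
ACL_10 = parse_standard_acl(["access-list 10 permit 192.168.146.0 0.0.1.255"])

if __name__ == "__main__":
    for src in ("192.168.146.5", "192.168.147.200", "192.168.148.1"):
        print(src, evaluate(ACL_10, src))
```

The wildcard 0.0.1.255 ignores the low bit of the third octet, so the single statement covers both 192.168.146.0/24 and 192.168.147.0/24, and everything else falls through to the implicit deny.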
http://lms.netacad.net/course/view.php?id=3101
Thank you.