ACCESS LISTS
An IP access list is a sequential list of permit and deny conditions that apply to IP addresses or upper-layer protocols. Routers use access control lists to identify and control traffic.
Put standard access lists as near the destination as possible and extended access lists as close to the source as possible.
Every access list automatically ends with an implicit deny. Because of this, an access list should have at least one permit statement in it; otherwise the access list will block all remaining traffic.
Access lists applied to interfaces default to outbound if no direction is specified.
-1 is used with IPX access lists to specify wildcard networks.
Limiting broadcast traffic is important because a broadcast frame is more likely to cause a collision than a unicast frame.
There are two types of access lists:
Standard access lists:
Standard IP access lists check the source address of packets. The result permits or denies packet output for the ENTIRE PROTOCOL SUITE based only on the source address. Standard access lists do not specify destination addresses. Standard access lists have a number from 1 to 99. IPX standard access lists are numbered from 800 to 899.
Extended access lists:
Extended IP access lists check both the source and destination packet addresses. They can also check for SPECIFIC PROTOCOLS, port numbers, and other parameters, which gives administrators more flexibility and control. Extended access lists have a number from 100 to 199. IPX extended access lists are numbered from 900 to 999.
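An added example (not code from the original page): a small Python evaluator for standard IP access lists that shows first-match processing and the implicit deny described above. The 192.168.1.x addresses are constructed, and the wildcard masks and the host/any keywords are Cisco IOS syntax that the page itself does not cover.

```python
import ipaddress

def parse_standard_acl(config):
    """Parse 'access-list <1-99> permit|deny <source>' lines, keeping their order."""
    entries = []
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL line: {line!r}")
        if not 1 <= int(tok[1]) <= 99:
            raise ValueError(f"{tok[1]} is outside the standard IP range 1-99")
        src = tok[3:]
        if src == ["any"]:                       # matches every source
            addr, wild = 0, 0xFFFFFFFF
        elif src[0] == "host":                   # matches exactly one source
            addr, wild = int(ipaddress.IPv4Address(src[1])), 0
        else:                                    # address plus optional wildcard mask
            addr = int(ipaddress.IPv4Address(src[0]))
            wild = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
        entries.append((tok[2], addr, wild))
    return entries

def evaluate(entries, source_ip):
    """Return the action of the first matching entry, else the implicit deny."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wild in entries:
        # In a wildcard mask a 1 bit means "ignore this bit of the address".
        if (ip | wild) == (addr | wild):
            return action
    return "deny"  # nothing matched: implicit deny at the end of the list

# Constructed sample lists (not from the original page).
DENY_ONLY = "access-list 10 deny 192.168.1.0 0.0.0.255"
DENY_THEN_PERMIT = """
access-list 10 deny host 192.168.1.50
access-list 10 permit 192.168.1.0 0.0.0.255
"""
PERMIT_THEN_DENY = """
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny host 192.168.1.50
"""

if __name__ == "__main__":
    for name in ("DENY_ONLY", "DENY_THEN_PERMIT", "PERMIT_THEN_DENY"):
        acl = parse_standard_acl(globals()[name])
        for src in ("192.168.1.50", "192.168.1.51", "10.0.0.1"):
            print(f"{name:17} {src:13} -> {evaluate(acl, src)}")
```

The deny-only list drops every source, including 10.0.0.1, which no entry mentions. Swapping the two entries of the second list lets 192.168.1.50 through, because the broader permit matches first.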