
ACCESS-LIST

• ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny.
• The router examines each packet and will forward or discard it based on the conditions specified in the ACL.
• An ACL makes routing decisions based on source address, destination address, protocols, and upper-layer port numbers.
[Figure: router interfaces F0/0 and F0/1 with Inbound and Outbound traffic directions; addresses 192.168.1.2 and 192.168.1.3]

IP Address     Subnet mask      Wildcard bits
192.168.4.2    255.255.255.0    0.255.255.255
10.0.0.4       255.0.0.0        0.255.255.255
176.19.4.2     255.255.0.0      0.0.255.255


[Diagram: ACL types: Standard, Extended, Dynamic, Name-Based, Time-Based]

All decisions are based on the source IP address.

Permit or deny the whole protocol suite.

Lower processor utilization.


Extended ACLs check / required
• source packet addresses
• destination packet addresses
• protocols
• port numbers.
Applied to port closest to source host

It can block ports, applications, and protocols.


Router(config)# access-list 114 permit tcp 172.16.6.0 0.255.255.255 any eq telnet
Router(config)# access-list 114 permit tcp 172.16.6.0 0.255.255.255 any eq ftp
Router(config)# access-list 114 permit tcp 172.16.6.0 0.255.255.255 any eq www

OR

Router(config)# access-list 114 permit tcp 172.16.6.0 0.255.255.255 any eq 21
Router(config)# access-list 114 permit tcp 172.16.6.0 0.255.255.255 any eq 23
Router(config)# access-list 114 permit tcp 172.16.6.0 0.255.255.255 any eq 80
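
The following is an added example, not part of the original slides: a small Python model of how the ACL 114 entries above are evaluated (wildcard matching, first match wins, implicit deny at the end of the list). The function names are hypothetical. It shows that with wildcard 0.255.255.255 the entries match every source from 172.0.0.0 to 172.255.255.255, while 0.0.0.255 would limit them to 172.16.6.0 through 172.16.6.255.

```python
import ipaddress

# ACL 114 from the slides in its numeric-port form (constructed input for this example).
ACL_114 = """\
access-list 114 permit tcp 172.16.6.0 0.255.255.255 any eq 21
access-list 114 permit tcp 172.16.6.0 0.255.255.255 any eq 23
access-list 114 permit tcp 172.16.6.0 0.255.255.255 any eq 80
"""

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    # 0 bits in the wildcard must match the base address; 1 bits are ignored.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse(text):
    """Parse only the entry shape used on the page:
    access-list N permit|deny tcp SRC WILDCARD any eq PORT"""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 9 or f[0] != "access-list" or f[3] != "tcp" or f[6:8] != ["any", "eq"]:
            raise ValueError(f"unsupported entry: {line!r}")
        entries.append((f[2], f[4], f[5], int(f[8])))
    return entries

def evaluate(entries, src, dport):
    # First matching entry wins; an IOS ACL ends with an implicit "deny any".
    for action, base, wildcard, port in entries:
        if wildcard_match(src, base, wildcard) and dport == port:
            return action
    return "deny"

def matched_range(base, wildcard):
    # Lowest and highest source address an entry matches (contiguous wildcards only).
    low = ip(base) & ~ip(wildcard) & 0xFFFFFFFF
    high = low | ip(wildcard)
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))

if __name__ == "__main__":
    acl = parse(ACL_114)
    print("entry matches sources", matched_range("172.16.6.0", "0.255.255.255"))
    for src, port in [("172.16.6.10", 23), ("172.200.1.1", 80),
                      ("10.1.1.1", 80), ("172.16.6.10", 22)]:
        print(src, port, evaluate(acl, src, port))
```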

Allows a private local network to appear as one address to outside networks like the Internet.

By:
Anuj Tyagi
wolverinetyagi@yahoo.com
