1
Q
ACL Basics
A
ACLs can be configured on a router to permit or deny a packet based on a list of conditions
- This list of conditions is read sequentially, top to bottom, by the router until a match is made
- the last condition is always an implied “deny any”
- You can permit or deny packets based upon such things as:
- source address
- destination address
- TCP & UDP ports
2
Q
The 3 Ps for using ACLs
A
One ACL per protocol
One ACL per interface
One ACL per direction
3
Q
standard ACL
A
standard acls should be applied closest to the destination
4
Q
Extended ACL
A
extended ACLs should be applied close to the source as possible
- filter IP packets based on several attributes:
- source and destination IP addresses
- source and destination TCP and UDP ports
- protocol type
5
Q
Basic ACL rules
A
- never work with an access list that is actively applied
2. new lines are always added to the end of thenumbered access list
6
Q
Access list syntax for Standard ACL
A
access-list number deny/permit/remark network or protocol or specific source
Network uses a wildcard mask following
