< Free Open Study > |
Understanding How Access Lists Operate

Essentially, an access list is a set of conditions that are executed sequentially from top to bottom. When a condition is matched, no further comparisons are made, and a true or false result is returned to the process that called the list. The types of access lists have grown over the years. Cisco IOS Software Release 12.0. adds some extended ranges for IP, as Example 14-1 lists.

Example 14-1 Access List Range in Cisco IOS Software Release 12.0.

    router(config)# access-list ?
      <1-99>       IP standard access list
      <100-199>    IP extended access list
      <1000-1099>  IPX SAP access list
      <1100-1199>  Extended 48-bit MAC address access list
      <1200-1299>  IPX summary address access list
      <1300-1999>  IP standard access list (expanded range)
      <200-299>    Protocol type-code access list
      <2000-2699>  IP extended access list (expanded range)
      <300-399>    DECnet access list
      <400-499>    XNS standard access list
      <500-599>    XNS extended access list
      <600-699>    Appletalk access list
      <700-799>    48-bit MAC address access list
      <800-899>    IPX standard access list
      <900-999>    IPX extended access list

Standard access lists filter based on one condition, the match of an address. When you think of access lists, think of them as conditions that are either true or false; they return this result to the process that called them. It is important to think of them in this way because you will use access lists not only to filter packets on interfaces, but also for route maps, redistribution, and other features, such as Network Address Translation (NAT). Therefore, don't limit your thinking of access lists in terms of "networks" or "packets," but consider what process is calling the access list and what is returned to that process.

The access list merely returns the result of the condition in the list, either true or false. The process that called the list is then carried out or denied based on the result of the condition.

You should follow a few rules and suggestions when configuring any access list:
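The top-to-bottom, first-match evaluation described in this section, as an added example that is not part of the original text: a small evaluator for standard access lists that returns true or false to whichever caller invoked it, plus a check for entries that an earlier entry makes unreachable. The sample list, the function names, and the implicit deny at the end of the list (standard IOS behavior, not stated in the text above) are assumptions of this example.

```python
import ipaddress

# Constructed sample: standard access list 10, in configuration order.
SAMPLE_ACL = """\
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 10 deny 10.1.5.0 0.0.0.255
access-list 10 permit 192.168.1.1
"""

def parse(text):
    """Return [(permit, address, wildcard)] in list order."""
    entries = []
    for f in (line.split() for line in text.splitlines()):
        if len(f) < 4 or f[0] != "access-list":
            continue
        addr = int(ipaddress.IPv4Address(f[3]))
        # No wildcard given means an exact host match (wildcard 0.0.0.0).
        wild = int(ipaddress.IPv4Address(f[4])) if len(f) > 4 else 0
        entries.append((f[2] == "permit", addr, wild))
    return entries

def matches(entry, ip):
    care = ~entry[2] & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (ip & care) == (entry[1] & care)

def evaluate(entries, ip_text):
    """First match wins; the result is returned to the calling process."""
    ip = int(ipaddress.IPv4Address(ip_text))
    for entry in entries:
        if matches(entry, ip):
            return entry[0]
    return False  # IOS implicit deny at end of list (not stated in the text above)

def shadowed(entries):
    """Indexes of entries an earlier entry fully covers, so they never match."""
    hidden = []
    for i, (_, addr, wild) in enumerate(entries):
        for _, a2, w2 in entries[:i]:
            care2 = ~w2 & 0xFFFFFFFF
            # Covered if this entry fixes every bit the earlier one checks
            # and the two addresses agree on those bits.
            if (wild & care2) == 0 and (addr & care2) == (a2 & care2):
                hidden.append(i)
                break
    return hidden

def filter_routes(entries, prefixes):
    """A different caller: keep route prefixes for which the list returns true."""
    return [p for p in prefixes if evaluate(entries, p)]
```

In the sample, the deny for 10.1.5.0 sits below a broader permit, so it is never evaluated; moving it above the permit changes the result returned for addresses in that subnet.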