An IP access list is a sequential collection of permit and deny conditions that apply to IP addresses or upper-layer IP protocols. There are two types of IP access lists: standard and extended. The Cisco IOS also supports access lists for numerous other protocols, as shown in Figure .

The following sections focus on standard and extended IP access lists, including:
- a named list configuration
- a time-based extended list configuration
- access list remarks (descriptions)
- access list application

Standard IP access lists (numbered 1 to 99 and 1300 to 1999) filter based on source address only. The syntax for a standard list is relatively straightforward (see Figure ).

Extended IP access lists (numbered 100 to 199 and 2000 to 2699) offer more control than standard access lists by filtering based on source address, destination address, or protocol characteristics. The command syntax for an extended list is far more complex than that for a standard list. Figure presents a simplified syntax. A look at each of the parameters in this syntax is beyond the scope of this chapter, although the keywords time-range and established are discussed in the sections that follow.
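
The following Python sketch is an added example, not part of the original text or of Cisco's tooling. It classifies numbered lists by the ranges above and walks a standard list in order against a source address, which is useful when auditing a saved configuration. The sample configuration and the function names are constructed for illustration, and only the `any`, `host` and address-plus-wildcard source forms are handled.

```python
import ipaddress

# Number ranges as given in the text above.
STANDARD = (range(1, 100), range(1300, 2000))
EXTENDED = (range(100, 200), range(2000, 2700))

# Constructed sample configuration (addresses are illustrative).
SAMPLE = """\
access-list 10 remark constructed sample list
access-list 10 deny host 192.168.1.50
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 110 permit tcp any host 10.0.0.5 eq 80
"""

def ip(text):
    return int(ipaddress.IPv4Address(text))

def acl_type(number):
    """Classify a numbered IP access list by its number."""
    if any(number in r for r in STANDARD):
        return "standard"
    if any(number in r for r in EXTENDED):
        return "extended"
    return "other"

def parse_standard(config):
    """Return {list number: [(action, address, wildcard), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or not tok[1].isdigit():
            continue
        if acl_type(int(tok[1])) != "standard" or tok[2] not in ("permit", "deny"):
            continue  # skips remarks and extended entries
        if tok[3] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif tok[3] == "host" and len(tok) > 4:
            addr, wild = tok[4], "0.0.0.0"
        else:  # address with optional wildcard mask
            addr, wild = tok[3], tok[4] if len(tok) > 4 else "0.0.0.0"
        acls.setdefault(int(tok[1]), []).append((tok[2], ip(addr), ip(wild)))
    return acls

def evaluate(entries, source):
    """Entries are checked in order; the first match decides."""
    for action, addr, wild in entries:
        # Bits set to 1 in the wildcard mask are ignored in the comparison.
        if (ip(source) | wild) == (addr | wild):
            return action
    return "deny"  # IOS implicit deny when no entry matches
```

Because evaluation stops at the first match, swapping the two entries of list 10 would let 192.168.1.50 through; ordering is the first thing to check when reviewing a list.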