Access lists allow an administrator to
specify conditions that determine how a router will control traffic
flow. An access list is an ordered set of permit and deny entries; a
packet is handled by the first entry it matches, and a packet that
matches no entry is dropped by the implicit deny at the end of every
list. An access list takes effect only once it is applied to a router
interface, inbound or outbound, where it permits or denies the traffic
crossing that interface. The two main types of IP access lists are
standard and extended.
Standard access lists
- Standard access lists for IP check only
the source address of packets that could be routed. The result
permits or denies output for the entire protocol suite, based on
the network/subnet/host address of the sender; a standard list
cannot tell one destination or application apart from another.
- For example, packets coming in on E0
are checked against the standard list for their protocol suite (for
IP, by source address). If permitted, the packets are routed out
through S0.
- If the packets are denied by the
standard access list, all packets from that source are dropped,
whatever their destination or application. Packets that match no
entry at all are dropped as well, by the implicit deny.
Extended access lists
- Extended access lists check both the
source and destination addresses of packets. They can also check
for a specific protocol, port numbers, and other parameters. This
gives administrators more flexibility to describe what the access
list checks. Packets can be permitted or denied output based on
where the packet originated and on its destination.
- The extended access list also
permits or denies with more granularity. For example, it can allow
electronic mail (SMTP) traffic from E0 to specific S0 destinations,
while denying remote logins (Telnet) or file transfers (FTP) to the
same destinations.
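The behaviour of both list types, as an added Python example that is not part of the original page and not Cisco code: a small evaluator that parses a subset of the IOS numbered access-list syntax (lists 1-99 match on source only; lists 100-199 take a protocol, source, destination and an optional "eq" port), applies entries top-down with first-match semantics, and falls through to the implicit deny. The list numbers, addresses, port-keyword table and packets are constructed for the demonstration; the extended list encodes the mail-but-not-Telnet/FTP scenario described above.

```python
"""Toy evaluator for Cisco IOS-style numbered IP access lists (added example,
not Cisco code). Entries are checked top-down, first match wins, and a packet
matching no entry hits the implicit deny. All data below is constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Port keywords accepted in place of numbers (assumption: this subset suffices).
PORT_NAMES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "www": 80}
ANY = ("0.0.0.0", "255.255.255.255")  # (network, wildcard) that matches all

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port, TCP/UDP only

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every IP protocol
    src: Tuple[str, str]         # (network, wildcard mask)
    dst: Tuple[str, str]         # always ANY for a standard list
    dport: Optional[int]         # None when the entry has no "eq <port>"

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """IOS wildcard mask: a 0 bit must equal the network bit, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a ^ n) & ~w == 0

def _parse_addr(tok: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    """Consume 'any', 'host A', 'A WILDCARD' or bare 'A' (one host) at tok[i]."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return (tok[i + 1], "0.0.0.0"), i + 2
    if i + 1 < len(tok) and tok[i + 1].count(".") == 3:  # a wildcard follows
        return (tok[i], tok[i + 1]), i + 2
    return (tok[i], "0.0.0.0"), i + 1

def parse_rule(line: str) -> Rule:
    """Parse one 'access-list <n> permit|deny ...' entry."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    number, action = int(tok[1]), tok[2]
    if 1 <= number <= 99:  # standard list: source address only
        src, _ = _parse_addr(tok, 3)
        return Rule(action, "ip", src, ANY, None)
    proto = tok[3]  # extended list: protocol, source, destination, optional port
    src, i = _parse_addr(tok, 4)
    dst, i = _parse_addr(tok, i)
    dport = None
    if i < len(tok) and tok[i] == "eq":
        p = tok[i + 1]
        dport = int(p) if p.isdigit() else PORT_NAMES[p]
    return Rule(action, proto, src, dst, dport)

def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[Rule]]:
    """First matching entry decides; no match means the implicit 'deny any'."""
    for r in rules:
        if r.proto != "ip" and r.proto != pkt.proto:
            continue
        if not (wildcard_match(pkt.src, *r.src) and wildcard_match(pkt.dst, *r.dst)):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action, r
    return "deny", None

def load_acl(text: str) -> List[Rule]:
    return [parse_rule(line) for line in text.splitlines() if line.strip()]

# Standard list: the host-specific deny must precede the broader permit, since
# the first match wins; swap the two entries and 192.168.1.99 gets through.
STANDARD_ACL = load_acl("""
access-list 1 deny host 192.168.1.99
access-list 1 permit 192.168.1.0 0.0.0.255
""")

# Extended list for the scenario in the text: SMTP from the E0 LAN to one mail
# host beyond S0 is allowed, Telnet and FTP control are refused, rest permitted.
EXTENDED_ACL = load_acl("""
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 172.16.5.25 eq smtp
access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq telnet
access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq ftp
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
""")

if __name__ == "__main__":
    for acl, pkt in [(STANDARD_ACL, Packet("192.168.1.99", "172.16.5.25", "tcp", 25)),
                     (EXTENDED_ACL, Packet("192.168.1.10", "172.16.5.25", "tcp", 25)),
                     (EXTENDED_ACL, Packet("192.168.1.10", "172.16.5.25", "tcp", 23)),
                     (EXTENDED_ACL, Packet("10.9.9.9", "172.16.5.25", "tcp", 25))]:
        action, rule = evaluate(acl, pkt)
        print(pkt.src, "->", pkt.dst, pkt.dport, action, "" if rule else "(implicit deny)")
```

Two things the evaluator makes visible that the prose does not: entry order decides the outcome (reversing the two standard entries turns the per-host deny into a permit), and a port-based deny only catches a service on the port you named, so "eq ftp" does nothing for a passive-mode FTP data connection on an ephemeral port, and a Telnet daemon listening on a non-standard port walks straight past "eq telnet". The closing "permit ip" entry in the extended list also discards the safety net of the implicit deny, which is a deliberate choice that should be made consciously, not by habit.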