For TCP/IP packet filters, Cisco IOS
access lists check the packet and upper-layer headers.
You will learn how to check packets
for:
- Source IP addresses using standard
access lists; identify these with a number in the range 1 to 99.
- Destination and source IP addresses
or specific protocols using extended access lists; identify these
with a number in the range 100 to 199.
- Upper-level TCP or UDP port numbers
in addition to the other tests in extended access lists; also
identify these with a number in the range 100 to 199.
For all of these access lists, after a packet matches an access list statement, it can be denied or permitted using the selected interface.
|