Access lists can control traffic for most protocols on a Cisco router.
The figure shows the protocols and number ranges of the access list
types. An administrator enters a number in the protocol number range as
the first argument of the global access list statement. The router
identifies which access list software to use based on this numbered
entry. Access list test conditions follow as arguments. These arguments
specify tests according to the rules of the given protocol suite. The
meaning or validity of the standard and extended identification scheme
for access lists varies by protocol.

Many access lists are possible for a protocol. A different number must
be selected from the protocol number range for each new access list.
Keep in mind, though, that only one access list can be specified per
protocol, per interface, per direction.
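
As an added illustration (not part of the original course text), the Python sketch below audits a constructed router configuration for the rule above: it classifies each numbered IP access list by its number and flags any interface and direction that has more than one IP access list applied. It assumes the IOS `ip access-group` interface command and the 1-99 standard / 100-199 extended split of the IP range; the sample configuration and the function names are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not taken from the original page).
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 110 permit tcp 192.0.2.0 0.0.0.255 any eq 80
access-list 120 deny ip any any
!
interface Ethernet0
 ip access-group 110 in
 ip access-group 10 out
 ip access-group 120 in
!
interface Serial0
 ip access-group 10 in
"""

def ip_acl_type(number):
    """Classify a numbered IP access list by its number range."""
    if 1 <= number <= 99:
        return "standard"
    if 100 <= number <= 199:
        return "extended"
    return None  # outside the numeric IP range (1 to 199)

def audit(config):
    """Return (bindings, conflicts) for numbered IP access lists.

    bindings:  {(interface, direction): [ACL numbers in config order]}
    conflicts: the subset of bindings with more than one list, which
               breaks "one list per protocol, per interface, per direction".
    """
    bindings = defaultdict(list)
    interface = None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            interface = m.group(1)
            continue
        if line and not line[0].isspace():
            interface = None  # a global command ends the interface block
            continue
        m = re.match(r"\s+ip access-group\s+(\d+)\s+(in|out)\b", line)
        if m and interface:
            bindings[(interface, m.group(2))].append(int(m.group(1)))
    conflicts = {k: v for k, v in bindings.items() if len(v) > 1}
    return dict(bindings), conflicts
```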

NOTE: With Cisco IOS Release 11.2 and later, you can also identify a
standard or extended IP access list with an alphanumeric string (name)
instead of the current numeric (1 to 199) representation. This can be an
easier identification method to administer. Named IP access lists
provide other advantages covered later in this chapter.