O'Reilly logo

CCIE Security Exam Certification Guide by Henry Benjamin

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

IP Access Lists

Standard and extended access lists filter IP traffic. An access list is basically a set of permit or deny statements. Standard access lists control IP traffic based on the source address only. Extended access lists can filter on source and destination addresses. Extended access lists can also filter on specific protocols and port numbers. This section covers how a Cisco router handles access lists.

Access Lists on Cisco Routers

By default, a Cisco router permits all IP and TCP traffic unless an access list is defined and applied to the appropriate interface. Figure 4-4 illustrates the steps taken if an access list is configured on a Cisco router.

Figure 4-4. Access List Decision Taken by a Cisco Router

If an incoming IP packet ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required