IP Access Lists

Standard and extended access lists filter IP traffic. An access list is basically a set of permit or deny statements. Standard access lists control IP traffic based on the source address only. Extended access lists can filter on source and destination addresses. Extended access lists can also filter on specific protocols and port numbers. This section covers how a Cisco router handles access lists.

Access Lists on Cisco Routers

By default, a Cisco router permits all IP and TCP traffic unless an access list is defined and applied to the appropriate interface. Figure 4-4 illustrates the steps taken if an access list is configured on a Cisco router.

Figure 4-4. Access List Decision Taken by a Cisco Router

If an incoming IP packet ...

Get CCIE Security Exam Certification Guide now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.