Extended Access Lists

In the standard IP access list example earlier, you had to block all access from the Sales LAN to the finance department. What if you needed Sales to gain access to a certain server on the Finance LAN but not to other network services, for security reasons? With a standard IP access list, you can’t allow users to get to one network service and not another. Said another way, a standard access list won’t allow you to make decisions based on both source and destination addresses because it makes decisions based only on source address.

But an extended access list will hook you up. That’s because extended access lists allow you to specify source and destination addresses as well as the protocol and port number that identify the ...
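The contrast described above, as an added Cisco IOS configuration example that is not taken from the book. The addresses, interface names, list numbers and the choice of TCP 443 as the permitted service are all constructed assumptions.

```cisco
! Constructed addressing (assumed for illustration):
!   Sales LAN      172.16.40.0/24  on FastEthernet0/0
!   Finance LAN    172.16.50.0/24  on FastEthernet0/1
!   Finance server 172.16.50.5
!
! --- Standard list: the only match criterion is the source address ---
! Every packet from Sales is dropped on its way to Finance, whatever
! server or service it was headed for. There is no field in which to
! say "except this one server".
access-list 10 deny 172.16.40.0 0.0.0.255
access-list 10 permit any
!
interface FastEthernet0/1
 ip access-group 10 out
!
! --- Extended list: source, destination, protocol and port ---
! Entries are evaluated top down and the first match wins, so the
! narrow permit must come before the broad deny.
access-list 110 permit tcp 172.16.40.0 0.0.0.255 host 172.16.50.5 eq 443
access-list 110 deny ip 172.16.40.0 0.0.0.255 172.16.50.0 0.0.0.255
! Without this last entry, the implicit "deny any" at the end of every
! list would also block Sales traffic to all other destinations.
access-list 110 permit ip any any
!
! Applied inbound on the Sales-facing interface, so unwanted traffic is
! dropped before it is routed. Use this in place of list 10 above,
! not in addition to it.
interface FastEthernet0/0
 ip access-group 110 in
```

After applying the extended list, `show access-lists 110` displays a match counter per entry, which confirms that traffic is hitting the permit and deny lines you expect.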
