Access List Basics

An access list is a sequential series of filters. Each filter comprises some sort of matching criteria and an action. The action is always either permit or deny. The matching criteria may be as simple as a source address; alternatively, they may be a more complex combination of source and destination addresses, protocol type, ports or sockets, and specifications of the state of certain flags, such as the TCP ACK bit.

A packet is “dropped into” the top of the stack of filters (Figure B.2). At each filter, the matching criteria are applied. If a match occurs, the specified permit or deny action is executed. If a match does not occur, the packet “drops down” to the next filter in the stack, and the matching process is applied again. ...
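The top-down, first-match evaluation described above can be modelled in a few lines of Python, which also shows why filter order matters. This is an added example, not code from the book: the `Packet` and `Filter` classes, the use of CIDR prefixes for address matching, and the sample addresses are assumptions made for illustration, and `evaluate` returns `None` when no filter matches.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    dport: Optional[int] = None
    ack: bool = False                 # state of the TCP ACK bit

@dataclass
class Filter:
    action: str                       # "permit" or "deny"
    src: str = "0.0.0.0/0"            # default: any source
    dst: str = "0.0.0.0/0"            # default: any destination
    proto: Optional[str] = None       # None means "do not test this field"
    dport: Optional[int] = None
    ack: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        # Every criterion the filter specifies must hold for a match.
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and self.ack in (None, p.ack))

def evaluate(acl, pkt):
    """Drop pkt into the top of the stack; return (index, action) of the
    first filter that matches, or None if it falls past the last filter."""
    for index, flt in enumerate(acl):
        if flt.matches(pkt):
            return index, flt.action  # first match wins; later filters unseen
    return None

# Constructed sample list: block one host, permit the rest of its subnet,
# and permit TCP segments with ACK set that are addressed to that subnet.
ACL = [
    Filter("deny", src="10.1.1.5/32"),
    Filter("permit", src="10.1.1.0/24"),
    Filter("permit", dst="10.1.1.0/24", proto="tcp", ack=True),
]
# Same filters, but the broad permit now sits above the host-specific deny.
REORDERED = [ACL[1], ACL[0], ACL[2]]

if __name__ == "__main__":
    host = Packet("10.1.1.5", "192.0.2.1")
    print(evaluate(ACL, host), evaluate(REORDERED, host))
```

In `REORDERED` the host-specific deny is never reached, because the subnet-wide permit above it matches first; reviewing a list for such shadowed filters is a useful check before deploying it.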
