Chapter 9 began with an overview of the purpose of Cisco IOS access lists, and their role in filtering network traffic. This included a look at the order in which access lists are evaluated, the different types of access lists that exist (standard and extended), as well as the different ways in which access list […]
You might recall from Chapter 8 that the ipx routing command also initiates the broadcasting of IPX SAP updates between routers. The information contained in SAP updates can be filtered using IPX SAP access lists, which use the numerical range 1000-1099. By properly implementing these access lists you can control the extent to which certain […]
In the same way that extended IP access lists give you a more granular level of control over IP traffic, extended IPX access lists allow you a finer level of control over IPX traffic. Extended IPX access lists not only allow you to filter traffic based on source and destination IPX addresses, but also IPX […]
In the same way that access lists can be used to permit or deny IP-based traffic from passing through a router, IPX access lists control the flow of IPX traffic. A standard IPX access list is a little different than a standard IP access list. The standard IPX variety allows traffic to be filtered based […]
Unlike standard IP access lists (which only allow you to filter packets based on their source IP address), extended IP access lists allow a much more granular level of control. Extended IP access lists allow filtering not only on source addresses, but also on destination addresses, protocols, and even applications, based on their port number. […]
In the standard IP access list that we looked at in the previous example, you learned how to define a rule that would permit or deny access to a single host. In reality, you will probably wish to permit or deny access to a range of hosts rather than just one. Perhaps you’ll want to […]
As mentioned earlier, a standard IP access list provides basic packet filtering abilities, based on the source IP address of a packet only. As a general rule, apply standard IP access lists close to the destination network to which you wish to permit or deny access.
Consider the figure below - in this simple network, we […]
After an access list has been created, it ultimately needs to be applied to an interface in order to filter traffic. Access lists can be applied in one of two ways – inbound or outbound. Differentiating between the two and understanding both is critical.
Inbound. When an access list is applied to an interface as inbound, […]
Two major types of access lists exist in the Cisco IOS – standard and extended. Standard access lists provide basic filtering capabilities. For example, a standard IP access list only allows the source address of a packet to be used in filtering decisions. Extended access lists allow filtering to be accomplished in a more granular […]
An access list can be (and usually is) made up of more than just one packet-filtering rule. Rules in an access list are evaluated from the start of the list, in sequential order. The evaluation process occurs only until the conditions of one of the rules are met. After that, no further rules are looked […]