Standard Access Lists

Talic · November 2008

I was reading the Standard Access List example in Todd Lammle's book (page 622 and 623) and I'm a confused when he applied it to the interface. Isn't the access list supposed be on the incoming list for E1 (Finance group that is the ones that are being protected from the evil Sales and Marketing people

) rather then the outbound list? Or better yet, put in on both outbound and inbound lists :P .

msteinhilber · November 2008

The ACL is applied to the outbound E1 interface (E1 connects Finance) which means packets destined for the Finance department (through the E1 interface) will be discarded because the packets reach the router from Sales and to reach Finance they have to go out E1 (hence outbound E1).

Talic · November 2008

Ah alright, it's just another way of saying the closest interface to the network you want to control access to.

A question about the numbering: when adding the number, does it matter which you pick? Is it just used for tracking what list your using? I know the number determines if it's standard or extended but he didn't really explain why the number he picked within that range of 1-99.

networker050184 · November 2008

The number is for tracking purposes and also the number determines what type of ACL.

Cisco Router wrote:

R1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1000-1099> IPX SAP access list
<1100-1199> Extended 48-bit MAC address access list
<1200-1299> IPX summary address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<300-399> DECnet access list
<600-699> Appletalk access list
<700-799> 48-bit MAC address access list
<800-899> IPX standard access list
<900-999> IPX extended access list

Standard Access Lists

Comments