Some general properties of access lists
At this point, it is useful to note the similarities and differences between the standard access list and the extended access list. While an extended access list entry matches against two IP addresses, as opposed to one IP address for the standard access list, both match each IP address against an IP address and wildcard mask combination in exactly the same way. Another syntactic difference is that masks of 0.0.0.0 are not optional with extended access lists. Remember that if a standard access list entry leaves off the mask from an IP address, the router assumes a mask of 0.0.0.0, meaning to match the address exactly. Even with the standard access list's use of an implied mask, IP address and mask matching is the same for both kinds of lists. Another common feature of standard and extended access lists is that both have an implicit deny at the end. Thus we could have rewritten our access list 101 as:

access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 80
access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 443

The final access list entry that denied all other IP traffic to the web server is redundant. IP address and wildcard mask matching and the implicit deny are common to all Cisco access list structures and are important concepts in understanding access lists. Other access list structures that we'll see later on use the same concepts.
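The following is an added example (not from the original text) that models the two ideas just described: Cisco-style wildcard-mask matching, where a set bit in the mask means "don't care", and first-match evaluation of an access list that ends in an implicit deny. It assumes a packet is represented by its protocol, source address, destination address and destination port, and it encodes access list 101 in both its two-entry form and its form with the explicit final deny to show that they decide every packet the same way.

```python
import ipaddress

def wildcard_match(addr, base, wildcard="0.0.0.0"):
    """Cisco wildcard semantics: a 1 bit in the wildcard is 'don't care'.
    The default wildcard of 0.0.0.0 reproduces the implied mask of a
    standard access list entry (exact match on every bit)."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# Entries are (action, protocol, src, src_wildcard, dst, dst_wildcard, dport).
# dport=None means "any port"; protocol "ip" matches any IP protocol.
ACL_101 = [
    ("permit", "tcp", "0.0.0.0", "255.255.255.255", "192.168.35.1", "0.0.0.0", 80),
    ("permit", "tcp", "0.0.0.0", "255.255.255.255", "192.168.35.1", "0.0.0.0", 443),
]

# Same list with the redundant explicit deny the text refers to.
ACL_101_EXPLICIT = ACL_101 + [
    ("deny", "ip", "0.0.0.0", "255.255.255.255", "192.168.35.1", "0.0.0.0", None),
]

def evaluate(acl, proto, src, dst, dport):
    """Walk the list top to bottom; the first matching entry decides.
    Falling off the end is the implicit deny."""
    for action, p, sbase, smask, dbase, dmask, port in acl:
        if p != "ip" and p != proto:
            continue
        if not wildcard_match(src, sbase, smask):
            continue
        if not wildcard_match(dst, dbase, dmask):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every Cisco access list

if __name__ == "__main__":
    # Constructed sample packets: (proto, src, dst, dport)
    packets = [
        ("tcp", "10.1.1.1", "192.168.35.1", 80),
        ("tcp", "10.1.1.1", "192.168.35.1", 22),
        ("udp", "10.1.1.1", "192.168.35.1", 80),
        ("tcp", "10.1.1.1", "192.168.35.2", 80),
    ]
    for pkt in packets:
        print(pkt, evaluate(ACL_101, *pkt), evaluate(ACL_101_EXPLICIT, *pkt))
```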