compared to the access lists sequentially until a match is found. If no match
is found, the packet is discarded. Access lists filter content going through the
router, not the traffic originated by the router. You should place standard IP
access lists as close to the destination as possible, whereas extended IP
access lists should be as close to the source as possible. You can only
assign two access lists per interface, one in each direction.
access-list number deny/permit sourcehostname/(address matching-range)/any/(host address)
access list it is. It is dependent on the IOS you are using.
matching-range: the matching-range is defined by a set of wildcards
corresponding to the number of addresses minus 1. The number of addresses
is restricted to a power of two (1, 2, 4, 8, 16, 32, 64, 128, 256), thus the
matching-range is restricted to (0, 1, 3, 7, 15, 31, 63, 127, 255). The address
must also start at a multiple of the block size. For example, to allow
172.10.32.0 to 172.10.63.255, you would use the command:
You would not be able to choose to permit from 172.10.35.0 to 172.10.66.255.
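The two rules above (a power-of-two number of addresses, and a start address on a multiple of the block size) can be checked mechanically. The Python below is an added example, not part of the original notes; it applies the rules to the whole 32-bit address rather than to one octet, and the function names single_entry and covering_entries are illustrative. It also shows how a rejected range can still be filtered by splitting it into several aligned blocks, one access-list line per block.

```python
import ipaddress


def single_entry(first, last):
    """Return (address, wildcard) if first..last is one aligned power-of-two block.

    Raises ValueError naming the rule the range breaks.
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    size = hi - lo + 1
    if size < 1:
        raise ValueError("range is empty or reversed")
    if size & (size - 1):
        raise ValueError("number of addresses is not a power of two")
    if lo % size:
        raise ValueError("start address is not a multiple of the block size")
    # The wildcard is the number of addresses minus 1, written as a dotted quad.
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(size - 1))


def covering_entries(first, last):
    """Split any range into aligned blocks that exactly cover it.

    Each block becomes one (address, wildcard) pair, i.e. one access-list line.
    """
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]


if __name__ == "__main__":
    # The range the notes say is allowed.
    print(single_entry("172.10.32.0", "172.10.63.255"))
    # The range the notes say cannot be expressed as one entry.
    try:
        single_entry("172.10.35.0", "172.10.66.255")
    except ValueError as err:
        print("rejected:", err)
    # The same range expressed as several aligned entries instead.
    for addr, wildcard in covering_entries("172.10.35.0", "172.10.66.255"):
        print(addr, wildcard)
```

The second range holds a power-of-two number of addresses but fails the alignment rule, which is why it needs six entries instead of one.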
matching-range)/any/(host destaddress)] [(eq/neq/gt/lt port#)/(range port#start
port#end)] [log/log-input]
you desire to filter out port names. port# can also be a well-known
port name.
destaddress (where –1 defines any.)
sourceaddress sourcesocket destaddress destsocket
servicetype
input-sap-filter/output-sap-filter number: stops SAP entries from
being entered in the SAP table or from being propagated out.
[number]: displays all or a specific access list,
but does not show what interface(s) it is applied to.
access-list: shows only IP access
lists on the router but doesn’t indicate which interface (if any) they apply
to.
access-list: shows only the access
lists and SAP filters but doesn’t indicate which interface (if any) they apply
to.
interface: shows which interfaces
have access lists applied to them.
interface [interface/brief]: shows the IPX address of all or one
interface, as well as its access list and inbound/outbound SAP filters.
running-config: shows the access lists
and what interfaces they are applied to.
packets filtered at each line of an access-list