01.19.07

Configuring Standard Access Lists

By Chris Bryant

Access Control Lists (ACLs) allow a router to permit or deny packets based on a variety of criteria.

The ACL is configured in global mode, but is applied at the interface level. An ACL does not take effect until it is expressly applied to an interface with the ip access-group command. Packets can be filtered as they enter or exit an interface.

If a packet enters or exits an interface with an ACL applied, the packet is compared against the criteria of the ACL. If the packet matches the first line of the ACL, the appropriate "permit" or "deny" action is taken. If there is no match, the second line's criterion is examined. Again, if there is a match, the appropriate action is taken; if there is no match, the third line of the ACL is compared to the packet.

This process continues until a match is found, at which time the ACL stops running. If no match is found, a default "deny" takes place, and the packet will not be processed. When an ACL is configured, if a packet is not expressly permitted, it will be subject to the implicit deny at the end of every ACL. This is the default behavior of an ACL and cannot be changed.

A standard ACL is concerned with only one factor, the source IP address of the packet. The destination is not considered. Extended ACLs consider both the source and destination of the packet, and can consider the port number as well. The numerical range used for each is different: standard ACLs use the ranges 1-99 and 1300-1399; extended lists use 100-199 and 2000-2699.

There are several points worth repeating before beginning to configure standard ACLs.

Standard ACLs consider only the source IP address for matches.

The ACL lines are run from top to bottom. If there is no match on the first line, the second is run; if no match on the second, the third is run, and so on until there is a match, or the end of the ACL is reached. This top-to-bottom process places special importance on the order of the lines.

There is an implicit deny at the end of every ACL. If packets are not expressly permitted, they are implicitly denied.

If Router 3's Ethernet interface should only accept packets with a source network of 172.12.12.0, the ACL will be configured like this:

R3#conf t

R3(config)#access-list 5 permit 172.12.12.0 0.0.0.255


The ACL consists of only one explicit line, one that permits packets with a source IP address in 172.12.12.0/24. The implicit deny, which is not configured or seen in the running configuration, will deny all packets not matching the first line.
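
The top-to-bottom, first-match evaluation and the implicit deny described above can be checked offline before a list is applied to an interface. The following Python sketch is an added example, not part of the original article or of any Cisco tool; it treats each config string as one list, the two-line lists numbered 6 and 7 are hypothetical inputs constructed to show why line order matters, and all function names are illustrative.

```python
import ipaddress

# Constructed inputs: PAGE_ACL is the article's line; MISORDERED and REORDERED
# are hypothetical lists added to show why line order matters.
PAGE_ACL = "access-list 5 permit 172.12.12.0 0.0.0.255"
MISORDERED = """access-list 6 permit 172.12.12.0 0.0.0.255
access-list 6 deny host 172.12.12.7"""
REORDERED = """access-list 7 deny host 172.12.12.7
access-list 7 permit 172.12.12.0 0.0.0.255"""
ALL = 0xFFFFFFFF

def ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(config):
    """Turn 'access-list N permit|deny SOURCE [WILDCARD]' lines into entries."""
    entries = []
    for line in config.strip().splitlines():
        action, src = line.split()[2], line.split()[3:]
        if src[0] == "any":
            entries.append((action, 0, ALL))
        elif src[0] == "host":
            entries.append((action, ip(src[1]), 0))
        else:  # a missing wildcard mask means an exact host match
            entries.append((action, ip(src[0]), ip(src[1]) if len(src) > 1 else 0))
    return entries

def evaluate(entries, source):
    """Return (action, matching line number); the first match wins."""
    for number, (action, addr, wild) in enumerate(entries, 1):
        care = ~wild & ALL  # wildcard 0-bits must match, 1-bits are ignored
        if (ip(source) & care) == (addr & care):
            return action, number
    return "deny", None  # implicit deny at the end of every ACL

def shadowed(entries):
    """Line numbers that can never match because an earlier line covers them."""
    hits = []
    for j, (_, addr2, wild2) in enumerate(entries):
        for _, addr1, wild1 in entries[:j]:
            care1 = ~wild1 & ALL
            if (care1 & wild2) == 0 and (addr1 & care1) == (addr2 & care1):
                hits.append(j + 1)
                break
    return hits
```

In the misordered list the deny for host 172.12.12.7 is never reached, because the network permit above it matches first; shadowed() reports such lines so they can be moved above the broader entry.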


About the Author:
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (www.thebryantadvantage.com), home of FREE CCNA and CCNP tutorials and daily exam questions, as well as The Ultimate CCNA and CCNP Study Packages.

For a FREE copy of his latest e-books, "How To Pass The CCNA" or "How To Pass The CCNP", and for free daily exam questions, visit the website and download your copies!

About SysAdminNews
SysAdminNews is a collection of articles, news and commentary designed to keep system administrators informed about the latest trends impacting their profession. Updates and Advice for System Administrators

-- SysAdminNews is an iEntry, Inc. publication --