Traffic that comes into the router is compared to ACL entries based on
the order in which the entries occur in the router. New statements
are added to the end of the list. The router continues to look
until it has a match. If no match is found when the router reaches
the end of the list, the traffic is denied. For this reason, you should
have the frequently hit entries at the top of the list. There is an
implied deny for traffic that is not permitted. A single-entry ACL
with only one deny entry has the effect of denying all
traffic. You must have at least one permit statement in an ACL
or all traffic is blocked. These two ACLs (101 and 102) have the
same effect.
access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 102 deny ip any any
In this example, the last entry is sufficient. You do not
need the first three entries because TCP includes Telnet, and IP
includes TCP, User Datagram Protocol (UDP), and Internet Control
Message Protocol (ICMP).
access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet
access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1
access-list 101 permit udp host 10.1.1.2 host 172.16.1.1
access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
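
The first-match rule and the implied deny described above, modelled as a
small Python evaluator (an added example, not router code and not part of
the original page). It parses only the syntax used in the ACLs shown here;
the function names and the sample packets are constructed for illustration.

```python
import ipaddress

PORTS = {"telnet": 23}  # the only named port used on this page

def addr_spec(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(line):
    tok = line.split()[2:]  # drop "access-list <number>"
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = addr_spec(tok), addr_spec(tok)
    port = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def ip_match(ip, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry number); falling off the end is the implied deny."""
    for n, (action, e_proto, e_src, e_dst, e_port) in enumerate(acl, 1):
        if e_proto not in ("ip", proto) or (e_port is not None and e_port != dport):
            continue
        if ip_match(src, e_src) and ip_match(dst, e_dst):
            return action, n  # first match wins, later entries are never read
    return "deny", None

NET = "ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255"
HOSTS = "host 10.1.1.2 host 172.16.1.1"
ACL_101 = [parse(f"access-list 101 permit {NET}")]
ACL_102 = ACL_101 + [parse("access-list 102 deny ip any any")]
FOUR_ENTRIES = [parse(f"access-list 101 permit {p}") for p in
                (f"tcp {HOSTS} eq telnet", f"tcp {HOSTS}", f"udp {HOSTS}", NET)]
# Constructed sample packets: (protocol, source, destination, destination port)
PACKETS = [("tcp", "10.1.1.2", "172.16.1.1", 23), ("udp", "10.1.1.2", "172.16.1.1", 53),
           ("icmp", "10.1.1.9", "172.16.1.7", None), ("tcp", "10.2.1.2", "172.16.1.1", 23)]

def verdicts(acl):
    return [evaluate(acl, *p)[0] for p in PACKETS]

if __name__ == "__main__":
    print(verdicts(ACL_101) == verdicts(ACL_102), verdicts(FOUR_ENTRIES) == verdicts(FOUR_ENTRIES[-1:]))
```

The entry number returned by evaluate shows which line decided each
packet, which is the same information a per-entry hit counter gives when
you audit an ACL for redundant or shadowed entries.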