Professional Documents
Culture Documents
Devices Part 1
ICND1 100-105
Instructor
Paul A. Parker
1
Chapter 26
2
Chapter 26
Foundation Topics
v Extended Numbered IP Access Control Lists
▼ Extended IP access lists have many similarities to standard
numbered IP ACLs but they differ in the fact that they have a
larger variety of packet header fields that can be used for
matching.
▼ The syntax is identical up through the permit or deny keyword,
but the extended ACL access-list also requires the IP protocol
type, the source IP address, and the destination IP address.
▼ The IP header’s Protocol field identifies the header that follows.
▼ Place extended ACLs as close as possible to the source of the packets that will be
filtered. Filtering close to the source of the packets saves some bandwidth.
▼ Remember that all fields in one access-list command must match a packet for
the packet to be considered to match that access-list statement.
▼ Use numbers of 100–199 and 2000–2699 on the access-list commands; no one
number is inherently better than another.
23