CCNA 新版（英文）D20S06L01.pps

© 2002, Cisco Systems, Inc. All rights reserved.
Managing IP Traffic with Access Lists
Module 6
Objectives
pleting this module, you will be able to:
Use Cisco mands to configure standard and extended IP access lists, and NAT/PAT, given a functioning router
Use mands to identify anomalies in standard and extended IP access lists, given an operational router
© 2002, Cisco Systems, Inc. All rights reserved.
4
Access Lists and Their Applications
Objectives
pleting this lesson, you will be able to:
Explain the purpose of access lists and identify potential applications
Describe how the Cisco IOS software processes standard and extended access lists on inbound and outbound interfaces
Manage IP traffic work access grows
Filter packets as they pass through the router
Why Use Access Lists?
Permit or deny packets moving through the router.
Permit or deny vty access to or from the router.
Without access lists, all packets could be transmitted onto all parts of work.
Access List Applications
Special handling for traffic based on packet tests
Other Access List Uses
Standard
Checks source address
Generally permits or denies entire protocol suite
Extended
Checks source and destination address
Generally permits or denies specific protocols
Types of Access Lists
How to Identify Access Lists
Standard IP lists (1-99) test conditions of all IP packets from source addresses.
Extended IP lists (100-199) test conditions of source and destination addresses, specific TCP/IP protocols, and destination ports.
Standard IP lists (1300-1999) (expanded range).
Extended IP lists (2000-2699) (expanded range).
Other access list number ranges test conditions for other networking protocols.