This final statement is often
referred to as the "implicit deny any statement." Because of this statement, an ACL should have at
least one permit statement in it; otherwise, the ACL blocks all traffic. This implicit deny all will
not show up in the router configuration. In many of the examples in this text, it will be added as a
reminder.
You can apply an ACL to multiple interfaces. However, only one ACL can exist per protocol, per
direction, and per interface.
Types of ACLs
IPv4 ACLs come in various types. These differing ACLs are used depending on the functionality
required. The types of ACLs can be classified as follows:
- Standard ACLs: Standard IP ACLs check the source addresses of packets that can be routed.
The result either permits or denies the output for an entire protocol suite, based on the source
network, subnet, or host IP address.
- Extended ACLs: Extended IP ACLs check both the source and destination packet addresses.
They can also check for specific protocols, port numbers, and other parameters, which allow
administrators more flexibility and control.
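The following Python model is an added example, not code from the original text and not Cisco IOS syntax. It shows how an unmatched packet falls through to the implicit deny, and how a standard entry (source only) differs from an extended entry (source, destination, protocol, port). The names Entry, evaluate and blocks_all_traffic are hypothetical, the addresses are constructed, and CIDR prefixes stand in for wildcard masks.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:                      # hypothetical model of one ACL statement
    action: str                   # "permit" or "deny"
    src: str                      # source network (CIDR stands in for a wildcard mask)
    dst: Optional[str] = None     # extended ACLs only
    proto: Optional[str] = None   # extended ACLs only, e.g. "tcp"
    dport: Optional[int] = None   # extended ACLs only

def _within(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(acl, src, dst=None, proto=None, dport=None):
    """Top-down, first match wins; unmatched packets hit the implicit deny."""
    for n, e in enumerate(acl, 1):
        if not _within(src, e.src):
            continue
        if e.dst is not None and not _within(dst, e.dst):
            continue
        if e.proto is not None and e.proto != proto:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, f"entry {n}"
    return "deny", "implicit deny any"   # never shown in the configuration

def blocks_all_traffic(acl):
    """An ACL with no permit statement denies every packet."""
    return not any(e.action == "permit" for e in acl)

# Constructed sample ACLs (addresses are illustrative).
STANDARD = [Entry("deny", "192.168.10.0/28"), Entry("permit", "192.168.10.0/24")]
DENY_ONLY = [Entry("deny", "192.168.10.0/24")]
EXTENDED = [Entry("permit", "192.168.10.0/24", "10.0.0.0/8", "tcp", 443)]

if __name__ == "__main__":
    print(evaluate(STANDARD, "192.168.10.50"))
    print(evaluate(STANDARD, "172.16.1.1"))
    print(evaluate(DENY_ONLY, "172.16.1.1"), blocks_all_traffic(DENY_ONLY))
    print(evaluate(EXTENDED, "192.168.10.50", "10.2.3.4", "tcp", 443))
    print(evaluate(EXTENDED, "192.168.10.50", "10.2.3.4", "tcp", 23))
```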
You can use two methods to identify standard and extended ACLs:
- Numbered ACLs use a number for identification.