- Reflexive, dynamic, and time-based ACLs add more functionality to standard and extended
ACLs.
- In a wildcard bit mask, a 0 bit means to match the corresponding address bit, and a 1 bit means
to ignore the corresponding address bit.
Address 172.30.16.29, wildcard mask 0.0.0.0 (match all bits)
Address 0.0.0.0, wildcard mask 255.255.255.255 (ignore all bits)
Chapter 6: Managing Traffic with Access Control Lists
Configuring ACLs
This section describes the steps to configure named and numbered, standard and extended ACLs.
This section also explains how to verify that the ACLs function properly and discusses some
common configuration errors to avoid.
Standard IPv4 ACLs, numbered 1 to 99 and 1300 to 1999 or named, filter packets based on a
source address and mask, and they permit or deny the entire TCP/IP protocol suite. This standard
ACL filtering may not provide the filtering control you require. You may need a more precise way
to filter your network traffic. Figure 6-12 illustrates that standard access lists check only the source
address in the IPv4 packet header.
Figure 6-12 Standard IPv4 Access Lists
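The wildcard-mask rule and the source-only check of a standard ACL can be modeled offline to review a rule set before it is applied. The following Python sketch is an added example, not taken from the book: the function names and the sample ACL are constructed for illustration, and it assumes the usual IOS first-match evaluation with an implicit deny at the end of the list.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = address bit must match, wildcard bit 1 = ignore it."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def is_standard_number(n):
    # Numbered standard IPv4 ACL ranges given in the text above.
    return 1 <= n <= 99 or 1300 <= n <= 1999

def parse_entry(line):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' into (action, base, wildcard)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not a numbered standard ACL entry: " + line)
    if not is_standard_number(int(tok[1])):
        raise ValueError("ACL number outside the standard ranges: " + tok[1])
    src = tok[3:]
    if src == ["any"]:                       # 'any' = ignore all bits
        return tok[2], "0.0.0.0", "255.255.255.255"
    if len(src) == 2 and src[0] == "host":   # 'host A' = match all bits
        return tok[2], src[1], "0.0.0.0"
    if len(src) == 1:                        # omitted mask = match all bits
        return tok[2], src[0], "0.0.0.0"
    if len(src) == 2:
        return tok[2], src[0], src[1]
    raise ValueError("unexpected source specification: " + line)

def evaluate(acl_lines, source):
    """Return the action of the first entry matching the source address."""
    for line in acl_lines:
        action, base, wildcard = parse_entry(line)
        if wildcard_match(source, base, wildcard):
            return action
    return "deny"  # assumed IOS behavior: implicit deny when nothing matches

# Constructed sample ACL, not from the book.
SAMPLE_ACL = [
    "access-list 10 deny 172.30.16.29 0.0.0.0",     # exactly one host
    "access-list 10 permit 172.30.16.0 0.0.15.255", # 172.30.16.0 to 172.30.31.255
    "access-list 10 permit 10.0.0.1 0.0.0.254",     # odd host addresses in 10.0.0.x
]

if __name__ == "__main__":
    for src in ("172.30.16.29", "172.30.20.1", "10.0.0.7", "10.0.0.8"):
        print(src, evaluate(SAMPLE_ACL, src))
```

The third sample entry uses a non-contiguous wildcard mask, which is where a wildcard mask stops behaving like an inverted subnet mask and where review mistakes are easiest to make.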
Configuring Numbered Standard IPv4 ACLs
To configure numbered standard IPv4 ACLs on a Cisco router, you must create a standard IPv4
ACL and activate an ACL on an interface.