The Anatomy of Access Lists

The Standard IP Access List

Syntax:
  access-list nn permit or deny xxx.xxx.xxx.xxx ccc.ccc.ccc.ccc

Fields:
  List # (nn)
      Allowed range for a standard list is 1-99.
  Rule (permit or deny)
      Specify the nature of this line: permit or deny.
  Pattern Definition: Source Address (xxx.xxx.xxx.xxx)
      The IP address of the source of the packet.
  Pattern Definition: Wild Card Mask (ccc.ccc.ccc.ccc)
      This mask must be applied to the source to determine which bits
      are significant. 0 in the mask is apply, 1 in the mask is ignore.
      (AKA inverse mask)

The Extended IP Access List

Note: Shaded sections below are optional. They are used only when the protocol specified is TCP or UDP.

Syntax:
  access-list nnn permit or deny protocol sss.sss.sss.sss ccc.ccc.ccc.ccc ttt.ttt.ttt.ttt rrr.rrr.rrr.rrr operator ppp

Fields:
  List # (nnn)
      Allowed range is 100-199.
  Rule (permit or deny)
      Choose one only.
  Pattern Definition: Protocol
      IP, ICMP, TCP, UDP, etc.
  Pattern Definition: Source Address (sss.sss.sss.sss)
      IP address of packet's source.
  Pattern Definition: Source Mask (ccc.ccc.ccc.ccc)
      0 = apply, 1 = ignore.
  Pattern Definition: Destination Address (ttt.ttt.ttt.ttt)
      IP address of packet's destination.
  Pattern Definition: Destination Mask (rrr.rrr.rrr.rrr)
      0 = apply, 1 = ignore.
  Pattern Definition: Operator (shaded; TCP or UDP)
      eq for =
      gt for >
      lt for <
      neq for ≠
  Pattern Definition: Port# (ppp) (shaded; TCP or UDP)
      See table on back.

The Standard IPX Access List

Syntax:
  access-list nnn permit or deny xxx ccc

Fields:
  List # (nnn)
      Range for standard IPX is 800-899.
  Rule (permit or deny)
      Choose one only.
  Pattern Definition: Source Address (xxx)
      The IPX address of the source of the packet.
  Pattern Definition: Destination Address (ccc)
      The IPX address of the destination of the packet.

Protocols With Access Lists Specified By Numbers

  Protocol          Range
  IP                1 to 99
  Extended IP       100 to 199
  XNS               400 to 499
  Extended XNS      500 to 599
  AppleTalk         600 to 699
  IPX               800 to 899
  Extended IPX      900 to 999
  IPX SAP           1000 to 1099
  Standard VINES    1 to 100
  Extended VINES    101 to 200
  Simple VINES      201 to 300

Common Port Numbers Filtered Using IP Extended Access Lists

  Protocol   Port Number   Protocol Name
  TCP        20            File Transfer Protocol (FTP) data
  TCP        21            File Transfer Protocol (FTP) program
  TCP        23            Telnet
  TCP        25            Simple Mail Transfer Protocol (SMTP)
  UDP        53            Domain Name Service (DNS)
  UDP        69            Trivial File Transfer Protocol (TFTP)
  TCP        80            Hypertext Transfer Protocol (HTTP)
  UDP        161, 162      Simple Network Management Protocol (SNMP)
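
Added example (not part of the original sheet): a small Python model of how standard and extended IP access-list lines in the layouts above are matched, with the wildcard mask applied as 0 = apply, 1 = ignore. It assumes lowercase protocol keywords, that the operator and port following the destination mask test the destination port, and that a packet matching no line is denied, as on Cisco IOS. The sample lists and addresses are constructed.

```python
import ipaddress, operator

OPS = {"eq": operator.eq, "gt": operator.gt, "lt": operator.lt, "neq": operator.ne}

def wildcard_match(addr, base, mask):
    """Compare only the bits where the wildcard mask is 0; 1 bits are ignored."""
    a, b, m = (int(ipaddress.IPv4Address(x)) for x in (addr, base, mask))
    return (a & ~m) == (b & ~m)

def parse(line):
    """Parse one access-list line in the standard or extended IP layout."""
    t = line.split()
    if len(t) < 5 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list line: {line!r}")
    num = int(t[1])
    rule = {"permit": t[2] == "permit", "proto": "ip", "dst": None, "op": None}
    if 1 <= num <= 99:            # standard: source address + wildcard mask
        rule["src"] = (t[3], t[4])
    elif 100 <= num <= 199:       # extended: protocol, source, destination
        rule.update(proto=t[3], src=(t[4], t[5]), dst=(t[6], t[7]))
        if len(t) == 10:          # optional operator + port
            if t[3] not in ("tcp", "udp"):
                raise ValueError("operator/port applies only to tcp or udp")
            rule["op"] = (OPS[t[8]], int(t[9]))
    else:
        raise ValueError(f"{num} is outside the IP ranges 1-99 and 100-199")
    return rule

def evaluate(rules, proto, src, dst=None, dport=None):
    """Return the action of the first matching line; no match means deny."""
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and wildcard_match(src, *r["src"])
                and (r["dst"] is None or wildcard_match(dst, *r["dst"]))
                and (r["op"] is None or r["op"][0](dport, r["op"][1]))):
            return "permit" if r["permit"] else "deny"
    return "deny"                 # assumption: implicit deny at the end of the list

# Constructed sample lists using private address ranges.
STANDARD = [parse(l) for l in (
    "access-list 10 deny 192.168.1.64 0.0.0.63",
    "access-list 10 permit 192.168.1.0 0.0.0.255")]
EXTENDED = [parse(l) for l in (
    "access-list 101 permit tcp 10.1.0.0 0.0.255.255 172.16.5.10 0.0.0.0 eq 80",
    "access-list 101 deny tcp 0.0.0.0 255.255.255.255 172.16.5.0 0.0.0.255 lt 1024",
    "access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255")]
```

Line order decides the result: in STANDARD the narrower deny for 192.168.1.64 through 192.168.1.127 must come before the broader permit, or it would never be reached.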