Access List

ACCESS LISTS

Access lists allow Cisco routers to function as a packet filter and are supported for several protocols. The most common of these protocols are listed in the following table:

Protocol              Range
IP standard           1 to 99 (and 1300 to 1999 in IOS 12.0 and higher)
IP extended           100 to 199 (and 2000 to 2699 in IOS 12.0 and higher)
Ethernet type code    200 to 299
DECnet                300 to 399
XNS                   400 to 499
Extended XNS          500 to 599
AppleTalk             600 to 699
Ethernet address      700 to 799
IPX standard          800 to 899
IPX extended          900 to 999
IPX SAP               1000 to 1099

Access lists are lists of rules that either permit or deny certain inbound or outbound traffic from and to particular hosts or networks. The access list and its rules are applied to one or more interfaces on the router. When the router routes traffic through these interfaces, the rules in the list are processed sequentially, from the top down, looking for the first rule that matches the traffic. When no rule permits the traffic, it is denied by default because of the implicit deny any at the end of each access list. For example, if you deny telnet traffic to host 172.16.22.139 using the rule

access-list 110 deny tcp any host 172.16.22.139 eq telnet

and this is the only rule in the access list, you effectively deny all IP traffic from entering or leaving the router's interface.
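As an added example that is not part of the original article, the following Python code models how a router walks an extended access list: entries are checked in order, the first match decides, and a packet that matches nothing falls through to the implicit deny. The parser is a simplified model of IOS syntax (one optional destination port, contiguous wildcard masks only), and all addresses and lines are constructed sample values.

```python
import ipaddress

# Well-known port names accepted after "eq" (subset, for this example)
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80}


def _parse_addr(tokens, i):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' starting at tokens[i].

    Returns (ip_network, index of the next unparsed token).
    """
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # Cisco wildcard mask: 1 bits are "don't care"; ipaddress accepts it as a hostmask.
    return ipaddress.ip_network((tokens[i], tokens[i + 1]), strict=False), i + 2


def parse_entry(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' into a dict."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("not an access-list entry: " + line)
    number, action, proto = int(t[1]), t[2].lower(), t[3].lower()
    src, i = _parse_addr(t, 4)
    dst, i = _parse_addr(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":
        dport = PORT_NAMES.get(t[i + 1].lower()) or int(t[i + 1])
    return {"number": number, "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": dport}


def evaluate(acl, proto, src_ip, dst_ip, dport=None):
    """Return 'permit' or 'deny' for one packet; first matching entry wins."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for e in acl:
        if e["proto"] != "ip" and e["proto"] != proto:
            continue                      # protocol does not match ('ip' matches all)
        if s not in e["src"] or d not in e["dst"]:
            continue                      # source or destination outside the entry
        if e["dport"] is not None and e["dport"] != dport:
            continue                      # entry is port-specific and port differs
        return e["action"]
    return "deny"                         # implicit deny any at the end of the list


def check(lines, proto, src_ip, dst_ip, dport=None):
    """Parse a list of entry lines and evaluate one packet against them."""
    return evaluate([parse_entry(l) for l in lines], proto, src_ip, dst_ip, dport)
```

With only the single deny entry from the text, `check` returns "deny" for telnet and for every other packet alike; appending `access-list 110 permit ip any any` makes the list deny only telnet to that host.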

For many people the implicit deny all is a confusing part of access lists, and it is often forgotten in practice, while in fact it is very logical. If you want to protect a network using a packet filter, you would typically start out by denying all traffic, and from there permit certain hosts or networks to communicate certain traffic.

In addition to protecting private networks from external intruders, access lists are also commonly used to manage network traffic. For example, if you do not want certain protocols or services available in particular subnets, you can block only those ports and permit all other traffic. They are also an effective way to prevent traffic such as ICMP messages and routing updates from traveling over certain links.

For More: http://cisco-training640-802.blogspot.com

About the Author:

Ahamed Razzan, http://cisco-training640-802.blogspot.com

Article Source: ArticlesBase.com - Access List
