An IP access list is a sequential
collection of permit and deny conditions that apply to IP addresses or
to upper-layer protocols carried in IP. Entries are evaluated in the order
they were entered; the first matching entry decides the fate of the packet,
and a packet that matches no entry is dropped by the implicit deny that ends
every list. The figure
shows the types of access lists and the available list numbers for IP.
IP access lists come in two formats. Standard access lists
filter based on source address only. Extended access lists offer more
control by filtering based on source address, destination address, protocol,
and protocol-specific fields such as TCP or UDP port numbers. Access lists are
a fundamental tool for managing IP traffic. Access lists can be applied to a
network interface or to a virtual terminal (vty) line, as the figure shows.
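The following Python model illustrates the evaluation rules just described: standard lists test only the source address, extended lists also test protocol, destination and port, entries are tried in order, and anything unmatched falls through to the implicit deny. It is an added example, not IOS code and not part of the original page; the access-list statements it parses are constructed samples in IOS syntax, and only a subset of that syntax (the `any` and `host` keywords, explicit wildcard masks, and the `eq` port operator) is supported.

```python
"""Model of Cisco IOS IP access-list semantics (added illustration, not IOS code).

Sequential first match with an implicit 'deny' at the end of every list.
Standard lists (numbers 1-99) test the source address only; extended lists
(100-199) also test protocol, destination address and, here, an optional
'eq <port>' destination port. Only a subset of the real syntax is parsed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample statements in IOS syntax (not taken from the page).
# Note the ordering pitfall in list 1: the 'deny 10.1.1.50' entry sits after
# a broader permit that already matches that host, so it is never reached.
SAMPLE_CONFIG = """
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 deny 10.1.1.50
access-list 101 permit tcp 10.1.1.0 0.0.0.255 host 192.0.2.10 eq 22
access-list 101 deny tcp any host 192.0.2.10 eq 23
access-list 101 permit ip any 192.0.2.0 0.0.0.255
"""

ANY = (0, 0xFFFFFFFF)  # wildcard of all ones: every address bit is 'don't care'


@dataclass
class Entry:
    action: str                    # 'permit' or 'deny'
    src: tuple                     # (address, wildcard) as 32-bit ints
    proto: str = "ip"              # standard lists match every IP protocol
    dst: tuple = ANY               # standard lists have no destination test
    dport: Optional[int] = None    # only 'eq <port>' is modelled


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    dport: Optional[int] = None


def _addr(tokens):
    """Consume one address spec: 'any', 'host A', 'A W' or a bare 'A'.

    A bare address (standard-list shorthand) gets wildcard 0.0.0.0, i.e. an
    exact host match, which is what IOS assumes as well.
    """
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    base, wild = int(ipaddress.IPv4Address(tok)), 0
    if tokens:
        try:                       # next token is a wildcard only if it parses as one
            wild = int(ipaddress.IPv4Address(tokens[0]))
            tokens.pop(0)
        except ValueError:         # 'host', 'eq', a port number: not a wildcard
            pass
    return base, wild


def parse_access_lists(config: str):
    """Return {list_number: [Entry, ...]} preserving statement order."""
    acls = {}
    for raw in config.splitlines():
        tokens = raw.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in: {raw}")
        if 1 <= number <= 99:                  # standard: source only
            entry = Entry(action, _addr(rest))
        elif 100 <= number <= 199:             # extended: proto src dst [eq port]
            proto, src, dst = rest.pop(0), _addr(rest), _addr(rest)
            dport = int(rest[1]) if rest[:1] == ["eq"] else None
            entry = Entry(action, src, proto, dst, dport)
        else:
            raise ValueError(f"unsupported list number {number}")
        acls.setdefault(number, []).append(entry)
    return acls


def _matches(addr: str, spec) -> bool:
    """Wildcard match: bits set in the wildcard are ignored, the rest must agree."""
    base, wild = spec
    return (int(ipaddress.IPv4Address(addr)) ^ base) & (~wild & 0xFFFFFFFF) == 0


def evaluate(acl, pkt: Packet) -> str:
    """First matching entry decides; no match means the implicit deny applies."""
    for e in acl:
        if not _matches(pkt.src, e.src):
            continue
        if e.proto not in ("ip", pkt.proto):
            continue
        if not _matches(pkt.dst, e.dst):
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.action
    return "deny"


ACLS = parse_access_lists(SAMPLE_CONFIG)

if __name__ == "__main__":
    for pkt in (Packet("10.1.1.50", "192.0.2.10"),
                Packet("10.1.1.7", "192.0.2.10", "tcp", 23),
                Packet("10.1.1.7", "203.0.113.9", "udp", 53)):
        print(pkt, "->", evaluate(ACLS[1 if pkt.proto == "ip" else 101], pkt))
```

Running the module shows that 10.1.1.50 is permitted by list 1 even though a later entry denies it, and that the UDP packet to 203.0.113.9 is denied by list 101 without any explicit deny entry: two effects of the first-match rule and the implicit deny that are easy to miss when reading a list top to bottom.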
Access lists are applied to one or more interfaces and can filter
inbound traffic or outbound traffic, depending on the configuration.
Inbound access lists are generally more efficient than outbound,
and are therefore preferred. A router with an outbound access list must
switch every packet (perform the routing lookup and select the outgoing
interface) and only then check whether the packet matches the access-list
criteria before forwarding it. An inbound access list is checked before the
routing lookup, so a denied packet is dropped without that switching work.
Access lists are also used to
define the input traffic for other features, such as priority and custom
queuing and dial-on-demand routing (DDR). Access lists serve many
purposes, including the following:
- To control the transmission of packets on an interface
- To select the interesting traffic that initiates a DDR connection
- To restrict contents of routing updates
In this chapter, you will learn to use access lists to manage IP
traffic.