ADC Telecommunications, Inc.
330 CHAPTER 15: IP PACKET FILTERING
Understanding Access Lists
Access lists are sequential groupings of permit and deny rules. These rules
enable you to permit or deny packets from crossing specified interfaces. An
access list is comprised of both match criteria and actions to take upon
finding a match.
Match criteria can include:
Source IP address
Destination IP address
Source TCP/UDP port
Destination TCP/UDP port
TCP Sync Flag
TCP Establish State
IP Type of Service (TOS)
Actions that can be taken against matching packets include:
Permit
Deny
Change IP TOS
Access lists are pooled and indexed on a system-wide basis. As such, you can
create access-lists in either root mode or interface configuration mode.
Access lists are then only used by an interface when you enable IP filtering
on the interface and apply the predefined access-lists to the interface using
the access-class command. Each access-list is identified by a list number
that you define when creating the list.
You cannot modify an existing access list, which means that if you want to
change an access list, you must delete it and then recreate it with the same
name.
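The following is an added example, not code from the ADC manual or product, that models the behaviour described in this section in Python: a system-wide pool of access lists indexed by list number, rules evaluated in sequence with the first match deciding the verdict, the match criteria and actions listed above, and an interface that only consults its list once IP filtering is enabled and a list is applied with access-class. Two points the manual does not state are assumptions made here for the model: a packet that matches no rule is denied, and the "change IP TOS" action rewrites the TOS value and permits the packet. The packets and rule set are constructed for illustration.

```python
"""Added example: a first-match access-list evaluator modelled on the manual's
description. Not ADC's code; implicit deny at end of list and 'set-tos permits'
are assumptions of this model."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False       # TCP SYN flag
    ack: bool = False       # TCP ACK flag; used for the 'established' criterion
    tos: int = 0            # IP Type of Service


@dataclass
class Rule:
    action: str                         # "permit", "deny" or "set-tos"
    src: Optional[str] = None           # CIDR prefix, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    syn: Optional[bool] = None          # require SYN set (True) or clear (False)
    established: Optional[bool] = None  # require an existing connection (ACK set)
    tos: Optional[int] = None           # match on current TOS value
    new_tos: Optional[int] = None       # TOS written by the set-tos action

    def matches(self, p: Packet) -> bool:
        # Every criterion left as None is a wildcard; all others must hold.
        return all([
            self.src is None or ip_address(p.src) in ip_network(self.src),
            self.dst is None or ip_address(p.dst) in ip_network(self.dst),
            self.sport is None or p.sport == self.sport,
            self.dport is None or p.dport == self.dport,
            self.syn is None or (p.proto == "tcp" and p.syn == self.syn),
            self.established is None or (p.proto == "tcp" and p.ack == self.established),
            self.tos is None or p.tos == self.tos,
        ])


class AccessListPool:
    """System-wide pool of access lists, indexed by list number."""

    def __init__(self):
        self.lists = {}

    def create(self, number: int, rules):
        # Existing lists cannot be modified: delete and recreate instead.
        if number in self.lists:
            raise ValueError(f"access-list {number} exists; delete it first")
        self.lists[number] = list(rules)

    def delete(self, number: int):
        del self.lists[number]

    def evaluate(self, number: int, p: Packet):
        """Return (verdict, tos). First matching rule wins; no match -> deny (assumed)."""
        for rule in self.lists[number]:
            if rule.matches(p):
                if rule.action == "set-tos":
                    return "permit", rule.new_tos   # assumption: set-tos also permits
                return rule.action, p.tos
        return "deny", p.tos


@dataclass
class Interface:
    name: str
    pool: AccessListPool
    filtering_enabled: bool = False
    access_class: Optional[int] = None   # list number applied with access-class

    def filter(self, p: Packet):
        # A list has no effect until filtering is enabled and the list is applied.
        if not self.filtering_enabled or self.access_class is None:
            return "permit", p.tos
        return self.pool.evaluate(self.access_class, p)


def build_pool() -> AccessListPool:
    pool = AccessListPool()
    pool.create(101, [                                   # constructed rule set
        Rule("deny", dst="192.0.2.0/24", dport=23, syn=True),      # no new telnet
        Rule("permit", dst="192.0.2.0/24", established=True),      # existing flows
        Rule("set-tos", dst="192.0.2.0/24", dport=22, new_tos=0x10),  # mark SSH
    ])
    return pool


def run_demo() -> dict:
    pool = build_pool()
    on = Interface("eth1", pool, filtering_enabled=True, access_class=101)
    off = Interface("eth2", pool)                        # filtering not enabled
    pkt = lambda **kw: Packet("198.51.100.5", "192.0.2.10", **kw)
    try:
        pool.create(101, [])
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    return {
        "new-telnet": on.filter(pkt(proto="tcp", dport=23, syn=True)),
        "established-telnet": on.filter(pkt(proto="tcp", dport=23, ack=True)),
        "new-ssh": on.filter(pkt(proto="tcp", dport=22, syn=True)),
        "udp-dns": on.filter(pkt(proto="udp", dport=53)),
        "filtering-off": off.filter(pkt(proto="tcp", dport=23, syn=True)),
        "duplicate-create-rejected": duplicate_rejected,
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

Note how rule order decides the outcome: the SYN-only deny precedes the established permit, so a new telnet connection is refused while packets of an existing one pass, and a UDP packet, which satisfies no TCP-flag criterion and matches no other rule, falls through to the assumed final deny.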