| Item | Network 1 | Network 2 | Network 3 |
| --- | --- | --- | --- |
| Network | 16 | 32 | 48 |
| First Host | 17 | 33 | 49 |
| Last Host | 30 | 46 | 62 |
| Broadcast Address | 31 | 47 | 63 |

Subnetting using variable length subnet masks (VLSM) seems pretty easy, doesn’t it?

The type of access list defined is identified by the number you assign to the access list. Table 13.3 identifies the types of access lists that can be configured, along with the range of numbers that can be used with each type.

Table 13.3: The available access list numbers and the associated access list types.

| Available Numbers | Access List Type |
| --- | --- |
| 1 through 99 | IP standard |
| 100 through 199 | IP extended |
| 200 through 299 | Protocol-Type-Code |
| 300 through 399 | DECnet |
| 600 through 699 | AppleTalk |
| 700 through 799 | 48-bit Media Access Control (MAC) address |
| 800 through 899 | IPX standard |
| 900 through 999 | IPX extended |
| 1000 through 1099 | IPX Service Advertising Protocol (SAP) |
| 1100 through 1199 | Extended 48-bit MAC address |
| 1200 through 1299 | IPX summary address |

Extended access lists use many of the same configuration rules as standard access lists. An extended access list allows filtering based on source address, destination address, protocol type, application, or TCP port number.

Note Just as in standard access lists, an implied “deny all” exists at the end of each extended access list.

The IP extended access list command is more complex than the standard access list command and offers many more options. The IP extended access list syntax is shown here:

access-list access-list-number {deny|permit} {protocol type} source-address source-wildcard destination-address destination-wildcard [protocol specific options|operator] [log]

Tip You can use the syntax any as a parameter to replace the source or destination address; any implies all addresses. In IPX access lists, a -1 indicates an any syntax.

Let’s take a look at the syntax elements for the IP extended access list that are not included in the standard access list:

access-list-number—For an IP extended access list, the range of possible numbers is 100 to 199.

deny|permit—A permit indicates that the source will be allowed in or out of an interface. A deny indicates that the data will be dropped and an ICMP message will be sent to the source address.

protocol type—This syntax element indicates the protocol to match. Possible options include eigrp, icmp, igrp, ip, nos, ospf, tcp, udp, or any number from 0 to 255.

Tip The protocol syntax of ip indicates all protocol types.
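The following Python sketch is an added example, not code from the original text or from Cisco. It parses entries written in the extended access list syntax above and applies them top to bottom, so the effect of entry order, the ip protocol keyword, the any keyword, and the implied “deny all” can be checked before a list is applied to an interface. The 192.168.1.x addresses, the 0.0.0.15 wildcard (matching the 16-address blocks in the subnet table), and the eq port operator are assumptions chosen for illustration; only named protocols are handled.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    """Wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def parse_addr(tokens):
    """Consume 'any' or 'address wildcard' from the front of tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")  # every bit ignored
    return (first, tokens.pop(0))

def parse_ace(line):
    """Parse one entry: access-list N {deny|permit} proto src dst [eq port] [log]."""
    t = line.split()
    if t[0] != "access-list" or not 100 <= int(t[1]) <= 199:
        raise ValueError("not an IP extended access list entry: " + line)
    if t[2] not in ("deny", "permit"):
        raise ValueError("expected deny or permit: " + line)
    rest = t[4:]
    ace = {"action": t[2], "proto": t[3],
           "src": parse_addr(rest), "dst": parse_addr(rest)}
    ace["port"] = int(rest[1]) if rest[:1] == ["eq"] else None
    return ace

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue
        if not (wild_match(src, *ace["src"]) and wild_match(dst, *ace["dst"])):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"]
    return "deny"  # implied "deny all" at the end of the list

# Constructed sample list; addresses and wildcard are assumptions (see lead-in).
SAMPLE = """\
access-list 101 permit tcp 192.168.1.16 0.0.0.15 any eq 80
access-list 101 deny ip 192.168.1.32 0.0.0.15 any
access-list 101 permit icmp any any log
"""
ACL = [parse_ace(line) for line in SAMPLE.splitlines()]
```

Calling evaluate(ACL, "icmp", "192.168.1.33", "10.0.0.5") returns deny even though the last entry permits ICMP from any source, because the earlier deny ip entry for the 32 block matches first.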
