Extended ACL


www.cbtvid.com

Objectives

• extended IP access lists

• Create named access lists


OSI Reference Model


IP Packet

From TCP/IP Protocol Suite, p. 180, by Behrouz Forouzan, McGraw-Hill


TCP Segment

From TCP/IP Protocol Suite, p. 282, by Behrouz Forouzan, McGraw-Hill


Extended ACL

Can filter by source IP address, destination IP address, protocol type, and application port number

This granularity allows you to design extended IP access lists that:

• Permit or deny a single type of IP protocol

• Filter by a particular port of a particular protocol


EACL

• Extended ACL must be configured on the router or firewall closest to the source

• Extended ACLs must be applied to the interface closest to the source

Scenario

[Figure: scenario diagram; labels: PC2, smtp]

Summary

Extended ACLs work at the third and fourth layers of the OSI Reference Model.

Extended ACLs work by checking the source and destination IP addresses and ports.
