Filtering IP Traffic
Figure 7-2: Locations Where Access List Logic Can Be Applied
Features of the process described in Figure 7-2 are as follows:
· Packets can be filtered as they enter an interface, before the routing decision.
· Packets can be filtered before they exit an interface, after the routing decision.
· "Deny" is the term used in the IOS to imply that the packet will be filtered.
· "Permit" is the term used in the IOS to imply that the packet will not be filtered.
· The filtering logic is configured in the access list.
· At the end of every access list is an implied "deny all traffic" statement. Therefore, if a packet does not match any of your access list statements, the packet will be blocked.
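The packet path listed above, modelled as an added example (not code from the book) to show how the implied deny changes the result of a list that contains only a deny entry. The interface names, routes and addresses are constructed, and matching on the source address only is a simplifying assumption.

```python
import ipaddress

DENY, PERMIT = "deny", "permit"

def acl_action(acl, src):
    """First matching entry wins; no match falls through to the implied deny."""
    addr = ipaddress.ip_address(src)
    for action, network in acl:
        if addr in ipaddress.ip_network(network):
            return action
    return DENY  # implied "deny all traffic" at the end of every access list

def forward(packet, routes, inbound_acls, outbound_acls):
    """Return the exit interface name, or 'dropped:<stage>' if filtered."""
    # 1. Inbound ACL: checked as the packet enters, before the routing decision.
    acl = inbound_acls.get(packet["in_if"])
    if acl is not None and acl_action(acl, packet["src"]) == DENY:
        return "dropped:inbound"
    # 2. Routing decision: longest-prefix match on the destination.
    dst = ipaddress.ip_address(packet["dst"])
    hits = [(ipaddress.ip_network(p), ifc) for p, ifc in routes.items()
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return "dropped:no-route"
    out_if = max(hits, key=lambda h: h[0].prefixlen)[1]
    # 3. Outbound ACL: checked after routing, before the packet exits.
    acl = outbound_acls.get(out_if)
    if acl is not None and acl_action(acl, packet["src"]) == DENY:
        return "dropped:outbound"
    return out_if

# Constructed sample data (documentation address ranges, hypothetical interfaces).
ROUTES = {"198.51.100.0/24": "e1", "203.0.113.0/24": "e2"}
# Intended to block one host, but with no permit entry the implied deny blocks all.
DENY_ONLY = [(DENY, "192.0.2.10/32")]
# Same intent with an explicit permit for everything else.
DENY_THEN_PERMIT = [(DENY, "192.0.2.10/32"), (PERMIT, "0.0.0.0/0")]

if __name__ == "__main__":
    pkt = {"in_if": "e0", "src": "192.0.2.20", "dst": "198.51.100.5"}
    print(forward(pkt, ROUTES, {"e0": DENY_ONLY}, {}))         # dropped:inbound
    print(forward(pkt, ROUTES, {"e0": DENY_THEN_PERMIT}, {}))  # e1
```

An interface with no list applied is not filtered at all in this model, which is why an outbound list on e1 has no effect on traffic routed out e2.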
[Figure 7-2 diagram: an IP packet enters the router, passes an inbound ACL, the routing logic, and an outbound ACL; each ACL either permits the packet or denies it to the bit bucket.]