466 Chapter 7: Understanding Access List Security
Extended IP Access Lists
Extended IP access lists are almost identical to standard IP access lists in their use. The key difference between the two types is the variety of fields in the packet that extended access lists can compare when looking for a match. To pass the CCNA exam, you must remember all the items that an extended IP access list can check to make a match. As with standard lists, extended access lists are enabled for packets entering or exiting an interface. The list is searched sequentially; the first statement matched stops the search through the list and defines the action to be taken. All these features are true of standard access lists as well. The matching logic, however, is different from that used with standard access lists and makes extended access lists much more complex.

Figure 7-4 shows several of the fields in the packet headers that can be matched. The top set of headers shows the IP protocol type, which identifies what header follows the IP header. The source and destination IP addresses are also shown. The second set of headers in the figure shows an example with a TCP header following the IP header. The TCP source and destination port numbers are listed in the abbreviated TCP header shown in the figure. Table 7-5 provides the complete list of items that can be matched with an IP extended access list.
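The sequential first-match logic and the extended-list fields described above, shown as an added Python simulation that is not from the book: the ACL entries, addresses and packets are constructed, and the fall-through at the end of the search models the implicit deny that closes every IOS access list, which the paragraph above does not spell out.

```python
import ipaddress

# Constructed extended ACL; each entry mirrors the fields an extended list can check:
# (action, protocol, source, source wildcard, destination, destination wildcard, dest port).
# Wildcard masks use the Cisco convention: a 0 bit must match, a 1 bit is "don't care".
# None means "any". All addresses are hypothetical.
ACL_101 = [
    ("permit", "tcp", "10.1.1.0", "0.0.0.255",   "10.2.2.2", "0.0.0.0", 80),
    ("deny",   "tcp", "10.1.0.0", "0.0.255.255", "10.2.2.2", "0.0.0.0", None),
    ("permit", "ip",  None,       None,          None,       None,      None),
]

# Constructed sample packets: (protocol, source IP, destination IP, destination port).
PACKETS = {
    "web":    ("tcp", "10.1.1.5", "10.2.2.2", 80),
    "telnet": ("tcp", "10.1.7.9", "10.2.2.2", 23),
    "dns":    ("udp", "10.1.1.5", "10.2.2.2", 53),
}

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under a Cisco wildcard mask (bits set to 1 are ignored)."""
    if base is None:                      # "any"
        return True
    care = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def evaluate(acl, packet):
    """Search the list sequentially; the first entry that matches every field decides.
    Returns (action, entry number). Falling off the end is the implicit deny that
    ends every Cisco access list, reported with entry number None."""
    proto, src, dst, dport = packet
    for n, (action, p, s, sw, d, dw, port) in enumerate(acl, start=1):
        if p != "ip" and p != proto:      # protocol type field of the IP header
            continue
        if not wildcard_match(src, s, sw) or not wildcard_match(dst, d, dw):
            continue
        if port is not None and port != dport:   # TCP/UDP destination port
            continue
        return action, n
    return "deny", None

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(name, evaluate(ACL_101, pkt))       # web permit 1, telnet deny 2, dns permit 3
    # Order matters: with the deny entry first, the web packet is dropped by entry 1.
    print("web, reordered", evaluate([ACL_101[1], ACL_101[0]], PACKETS["web"]))
    # Without the closing "permit ip any any", the UDP packet hits the implicit deny.
    print("dns, no catch-all", evaluate(ACL_101[:2], PACKETS["dns"]))
```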
Figure 7-4 Extended Access List Matching Options

[Figure 7-4 shows two header layouts (field widths in bytes). First layout, the IP header: Miscellaneous Header Fields (9), Protocol Type (1), Header Checksum (2), Source IP Address (4), Destination IP Address (4), Options (variable); the Protocol Type field defines what comes next, that is, the header that follows the IP header: TCP, UDP, ICMP, IGRP, IGMP. Second layout: the same IP header with Protocol = 6 (TCP), followed by the TCP header: Source Port (2), Dest. Port (2), Rest of TCP (16+).]

Table 7-5 IP Standard and Extended Access Lists--Matching

Type of Access List    What Can Be Matched
IP Standard            Source IP address
                       Portions of the source IP address, using a wildcard mask
ch07.fm Page 466 Monday, March 20, 2000 5:14 PM