472 Chapter 7: Understanding Access List Security
Example 7-8 shows an alternative solution to extended access list example 2; the first solution
was shown in Example 7-5, Example 7-6, and Example 7-7. All access lists have been removed
from Seville and Yosemite, as compared with that earlier solution.
Several differences exist between the first solution, in Examples 7-5, 7-6, and 7-7, and the
second solution, in Example 7-8. First, all the filtering is performed in Albuquerque. Criterion 4
is met more concisely, so the final permit-all statement still allows Porky and Petunia to talk to
hosts other than Red. Second, packets from Yosemite and Seville travel all the way to the
Albuquerque hosts, and the replies from the Albuquerque servers travel back to the Albuquerque
router, before being filtered. However, the number of such packets will be small, because the
filter prevents the client from sending more than the first packet used to connect to the service.
Named IP Access Lists
Named IP access lists allow the same logic to be configured as with numbered standard and
extended access lists. As a CCNA, you will need to remember the differences in syntax of the
configuration commands and also be able to create both numbered and named lists with the
same logic. The key differences between numbered and named IP access lists are listed here:
· Names are more intuitive reminders of the function of the list.
· Names allow for more access lists than 99 standard and 100 extended, which is the
restriction using numbered access lists.
Example 7-8 Albuquerque Configuration for Extended Access List Example 2, Second Solution
interface serial 0
ip access-group 112
!
interface serial 1
ip access-group 112
!
! Next statement meets objective 1
access-list 112 permit tcp host 10.1.1.2 eq www any
! Next statement meets objective 2
access-list 112 deny udp host 10.1.1.1 0.0.0.128 255.255.255.127
! Next statements meet objective 3
access-list 112 deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 112 deny ip 10.1.2.0 0.0.0.255 10.1.3.0 0.0.0.255
! Next statements meet objective 4
access-list 112 deny ip host 10.1.1.130 host 10.1.3.2
access-list 112 deny ip host 10.1.1.28 host 10.1.3.2
! Next statement meets objective 5
access-list 112 permit ip any any
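To make the first-match order, wildcard-mask matching, and implicit final deny of access-list 112 concrete, the following Python simulation is an added example, not code from the book or from Cisco IOS. It parses the seven statements of Example 7-8 exactly as printed above and returns the action the router would take for a given packet; the function and variable names are the example's own.

```python
import ipaddress
PORT_NAMES = {"www": 80}  # the only IOS port keyword used on this page
# Constructed, verbatim copy of the access-list 112 statements in Example 7-8 above
ACL_112 = """
access-list 112 permit tcp host 10.1.1.2 eq www any
access-list 112 deny udp host 10.1.1.1 0.0.0.128 255.255.255.127
access-list 112 deny ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 112 deny ip 10.1.2.0 0.0.0.255 10.1.3.0 0.0.0.255
access-list 112 deny ip host 10.1.1.130 host 10.1.3.2
access-list 112 deny ip host 10.1.1.28 host 10.1.3.2
access-list 112 permit ip any any
"""

def _addr_spec(tokens):
    """Consume one address spec (any | host A | A WILDCARD); return (matcher, rest)."""
    if tokens[0] == "any":
        return (lambda ip: True), tokens[1:]
    if tokens[0] == "host":
        return (lambda ip, t=int(ipaddress.IPv4Address(tokens[1])): ip == t), tokens[2:]
    net = int(ipaddress.IPv4Address(tokens[0]))
    care = ~int(ipaddress.IPv4Address(tokens[1])) & 0xFFFFFFFF  # wildcard bit 1 = don't care
    return (lambda ip, n=net & care, c=care: (ip & c) == n), tokens[2:]

def _port_spec(tokens):
    if tokens and tokens[0] == "eq":  # optional 'eq PORT' qualifier
        return PORT_NAMES.get(tokens[1]) or int(tokens[1]), tokens[2:]
    return None, tokens

def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO SRC [eq P] DST [eq P]' lines, in order."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        src, rest = _addr_spec(t[4:])
        sport, rest = _port_spec(rest)
        dst, rest = _addr_spec(rest)
        dport, rest = _port_spec(rest)
        entries.append((t[2], t[3], src, sport, dst, dport))  # action, protocol, ...
    return entries

def evaluate(entries, proto, src, sport, dst, dport):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for action, p, src_m, sp, dst_m, dp in entries:
        # 'ip' entries match any protocol; an entry with no 'eq' matches any port
        if (p in ("ip", proto) and sp in (None, sport) and dp in (None, dport)
                and src_m(s) and dst_m(d)):
            return action
    return "deny"
```

Note that the objective 2 entry, taken literally, matches any destination whose last octet is 128 or higher, because a wildcard of 255.255.255.127 checks only one bit of the address.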
ch07.fm Page 472 Monday, March 20, 2000 5:14 PM