background image
Exam Essentials
483
How to configure IPX access lists and SAP filters to control basic
Novell traffic. You learned the difference between a standard and
extended IPX access list and how to apply the lists to a Cisco router.
How to monitor and verify selected access list operations on the
router. We went over some basic monitoring commands to verify and
test IP and IPX access lists.
Exam Essentials
Remember the standard and extended IP access-list number ranges.
The numbered range you can use to configure a standard IP access list is
1­99. The numbered range for an extended IP access list is 100­199.
Understand the term "implicit deny." At the end of every access list is
an implicit deny. What this means is that if a packet does not match any
of the lines in the access list, then it will be discarded. Also, if you have
nothing but denys in your list, then the list will pass no packets.
Understand the standard IP access list configuration command. To
configure a standard IP access list, use the access-list numbers 1­99 in glo-
bal configuration mode. Choose permit or deny, then choose the source
IP address you want to filter on.
Understand the extended IP access list configuration command. To
configure an extended IP access list, use the access-list numbers 100­199
in global configuration mode. Choose permit or deny, the Network layer
protocol, the source IP address you want to filter on, the destination
address you want to filer on, and finally the Transport layer protocol.
Remember the command to verify an access list on an interface. To see
whether an access list is set on an interface and in which direction it is
filtering, use the show ip interface command.
Remember the command to verify the access lists configuration. To
see the configured access lists on your router, use the show access-list
command. This command will not show you which interfaces have an
access list set.
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com