IP Access Lists
331
TCP/IP header compression is disabled
Probe proxy name replies are disabled
Gateway Discovery is disabled
Policy routing is disabled
As you can see from this output, interface Ethernet0 does not have any
access lists applied to it.
Extended Access Lists
Extended access lists offer filtering on port numbers, session-layer protocols,
and destination addresses, in addition to filtering by source address.
Although all these extended filtering features make this kind of access list
much more powerful, they can also be more difficult to troubleshoot because
of their potential complexity.
A packet must follow the same basic process when arriving at an interface
with an extended access list applied to it as it does when confronting an inter-
face with an applied standard list. Figure 6.11 illustrates the procedure that
a packet follows when being compared against an extended list--the only
difference is the much greater scope of criteria that are specifiable.
F I G U R E 6 . 1 1
Packet processing through an extended access list
Copyright ©2000 SYBEX , Inc., Alameda, CA
www.sybex.com