Configuring access lists involves two general steps:
1. Create the list and list entries with the access-list command.
2. Apply the list to a specific interface or line.
Use the ip access-group command to apply the list to an interface.
Use the access-class command to apply the list to a line.
When constructing access list statements, keep in mind the following:
The access list statement includes the access list number. The type of list (standard or extended) is indicated by the access list number. Use the following number ranges to define the access list:
1-99 = Standard IP access lists
100-199 = Extended IP access lists
A single access list can include multiple access list statements. The access list number groups all statements into the same access list.
List statements include an action, either permit or deny.
To identify a host address in the access list statement, use one of the following formats:
n.n.n.n
n.n.n.n 0.0.0.0
host n.n.n.n
Where n.n.n.n is the IP address of the host. All three forms are equivalent: a wildcard mask of 0.0.0.0 (or the host keyword) means every bit of the address must match.
To identify a network address, use the format:
n.n.n.n w.w.w.w
Where n.n.n.n is the subnet address and w.w.w.w is the wildcard mask.
Enter access list statements in order, with the most restrictive statements at the top. Traffic is compared against access list statements in the order they appear in the list. As soon as the traffic matches a statement, that statement's action is taken and the statements below it are not evaluated for that traffic.
Each access list has an implicit deny any statement at the end of the access list. Your access list must contain at least one permit statement, or no traffic will be allowed.
When you remove an access list statement, the entire access list is deleted. Use Notepad or another text editor to construct and modify access lists, then paste the list into the router console.
A single access list can be applied to multiple interfaces.
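The following is an added example, not part of the original notes: a small evaluator for standard (1-99) access list statements in the syntax described above. It parses the host and wildcard-mask address formats, applies first-match ordering, and falls back to the implicit deny any. The list entries and the addresses tested against it are constructed for this example.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample standard list in IOS syntax (not from the original notes).
SAMPLE_ACL = """
access-list 10 permit host 10.1.1.5
access-list 10 deny 10.1.1.0 0.0.0.255
access-list 10 permit 10.0.0.0 0.255.255.255
"""

def list_type(number: int) -> str:
    """Map the access list number to its type using the ranges from the notes."""
    if 1 <= number <= 99:
        return "standard"
    if 100 <= number <= 199:
        return "extended"
    raise ValueError(f"access list number {number} is outside 1-99 / 100-199")

def parse_address(tokens: List[str]) -> Tuple[int, int]:
    """Accept 'host n.n.n.n', 'n.n.n.n w.w.w.w' or bare 'n.n.n.n'; return (address, wildcard)."""
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0
    addr = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1])) if len(tokens) > 1 else 0
    return addr, wild

def parse_acl(text: str) -> List[Tuple[int, str, int, int]]:
    """Parse standard access-list statements into (number, action, address, wildcard)."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            raise ValueError(f"not an access-list statement: {line!r}")
        number = int(parts[1])
        if list_type(number) != "standard":
            raise ValueError("this evaluator handles standard (1-99) lists only")
        if parts[2] not in ("permit", "deny"):
            raise ValueError(f"action must be permit or deny: {line!r}")
        addr, wild = parse_address(parts[3:])
        entries.append((number, parts[2], addr, wild))
    return entries

def matches(src: int, addr: int, wild: int) -> bool:
    """Wildcard mask semantics: 0 bits must match exactly, 1 bits are ignored."""
    care = 0xFFFFFFFF ^ wild
    return (src & care) == (addr & care)

def evaluate(entries, src_ip: str) -> str:
    """First matching statement wins; the implicit 'deny any' applies if none match."""
    src = int(ipaddress.IPv4Address(src_ip))
    for _, action, addr, wild in entries:
        if matches(src, addr, wild):
            return action
    return "deny"
```

Swapping the first two statements shows why order matters: the host permit for 10.1.1.5 is then never reached because the subnet deny above it matches first.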
Extended access lists include a protocol designation (such as IP, TCP, or UDP). Use IP to match any