
Access-list differences 2


ttrevino

Can someone tell me what is the difference between a "standard" access-list, versus an extended? When would you use either/or?
 
I think standard access-lists are based on source while extended access-lists are based on source and destination.

Standard access list allowing 192.168.0.0 into my LAN:
access-list 1 permit 192.168.0.0 0.0.0.254

Extended access list allowing 192.168.0.0 into my LAN of 10.0.0.0:
access-list 100 permit ip 192.168.0.0 0.0.0.254 10.0.0.0 0.255.255.255
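
The two entries above, run through a small matcher (an added example, not part of the original post or any Cisco tool). It assumes IOS router semantics: numbered ranges 1-99 standard and 100-199 extended, wildcard masks where a 0 bit must match, first match wins, implicit deny at the end. The function names and test addresses are constructed for illustration. It also shows that the wildcard 0.0.0.254 as posted matches only even last octets, whereas 0.0.0.255 covers the whole 192.168.0.0/24.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: 0 bits must match, 1 bits are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def parse_ace(line):
    """Parse only the two forms used in this thread (hypothetical helper)."""
    tok = line.split()
    num, action, rest = int(tok[1]), tok[2], tok[3:]
    if 1 <= num <= 99:        # standard: source address only
        return {"action": action, "src": (rest[0], rest[1]), "dst": None}
    if 100 <= num <= 199:     # extended: protocol, source, destination
        return {"action": action, "proto": rest[0],
                "src": (rest[1], rest[2]), "dst": (rest[3], rest[4])}
    raise ValueError("ACL number outside the ranges modelled here")

def evaluate(acl_lines, src, dst):
    """First matching entry wins; no match falls through to implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if not wildcard_match(src, *ace["src"]):
            continue
        if ace["dst"] and not wildcard_match(dst, *ace["dst"]):
            continue
        return ace["action"]
    return "deny"

# The entries exactly as posted in the thread
STANDARD = ["access-list 1 permit 192.168.0.0 0.0.0.254"]
EXTENDED = ["access-list 100 permit ip 192.168.0.0 0.0.0.254 10.0.0.0 0.255.255.255"]
# Same standard entry with a /24 wildcard, for comparison (constructed)
STANDARD_24 = ["access-list 1 permit 192.168.0.0 0.0.0.255"]

if __name__ == "__main__":
    tests = [("192.168.0.10", "10.1.2.3"),    # even host, inside 10/8
             ("192.168.0.10", "172.16.0.1"),  # even host, outside 10/8
             ("192.168.0.11", "10.1.2.3")]    # odd host
    for src, dst in tests:
        print(src, "->", dst,
              "| standard:", evaluate(STANDARD, src, dst),
              "| extended:", evaluate(EXTENDED, src, dst),
              "| standard /24:", evaluate(STANDARD_24, src, dst))
```
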
 
Thanks to both of you. That does make more sense, however, I still have one question. In our firewall today, we have some rules that look like this, "access-list 81 extended permit ip...", and others that look like this, "access-list 101 extended permit ip...".
Is 81 just the name of the ACL, even though it's an extended list? By the way, this is in an ASA firewall running 7.1(2).
And does it make any difference in naming an ACL by number or name? Such as "access-list 70 permit..." versus "access-list dmz_acl permit..."
Thanks for helping a newbie figure this stuff out, TT
 
Yes, 81 or 101 are the names of the ACL. I believe the PIX will only do extended ACLs. It just means you have more options, but you can make it work like a standard ACL. Since the PIX allows named (ASCII) ACLs, I use them so I know what I was intending to do with them, and if someone else needs to make changes, they can find it fairly easily.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
We're in the middle of a complete network redesign, so I intend to name the ACLs something myself and others can easily recognize, rather than just numbers.
Thanks to all for helping me figure this out!
Now, can someone explain women to me? :O)
 

access-list woman deny ip any any


Brent
Systems Engineer / Consultant
CCNP, CCSP
 