Types of ACLs

There are two types of access lists:

1. standard access lists – with standard access lists, you can filter only on the source IP address of a packet. These types of access list are not as powerful as extended access lists, but they are less processor intensive for the router.

The following example describes the way in which standard access lists can be used.

acl example

Let’s say that server S1 holds some important documents that need to be available only to company’s management. We could configure an access list on R1 to enable access to S1 only to users from the management network. All other traffic going to S1 will be blocked. This way, we can ensure that only authorized user can access sensitive files on S1.

2. extended access lists – with extended access lists, you can be more precise in your filtering. You can evaluate source and destination IP addresses, type of layer 3 protocol, source and destination port, etc. Extended access lists are more complex to configure and consume more CPU time than the standard access lists, but they allow a much more granular level of control.

To demonstrate the usefulness of extended ACLs, we will use the following example.

extended acl example

In the example network above, we have used the standard access list to prevent all users to access server S1. But, with that configuration, we have also disable access to S2! To be more specific, we can use extended access lists. Let’s say that we need to prevent users from accessing server S1. We could place an extended access list on R1 to prevent users only from accessing S1 (we would use an access list to filter the traffic according to the destination IP address). That way, no other traffic is forbidden, and users can still access the other server, S2:

extended acl example 2

Prerequisites for 200-301

200-301 is a single exam, consisting of about 120 questions. It covers a wide range of topics, such as routing and switching, security, wireless networking, and even some programming concepts. As with other Cisco certifications, you can take it at any of the Pearson VUE certification centers.

The recommended training program that can be taken at a Cisco academy is called Implementing and Administering Cisco Solutions (CCNA). The successful completion of a training course will get you a training badge.

Full Version 200-301 Dumps

Try 200-301 Dumps Demo