Standard IP access list provides basic packet filtering abilities, based on the source IP address of a packet only. Extended IP access lists allow filtering not only on source addresses, but also on destination addresses, protocols, and even applications, based on their port number.
Standard access list can match based on source IP address, but extended ACL can match based on source and destination IP address and port number plus protocol number.
Configuring Standard ACLs
access-list access-list-number {permit|deny} {host|source source-wildcard|any}
access-list-number from 1 to 99. In Cisco IOS Software Release 12.0.1, standard ACLs begin to use additional numbers (1300 to 1999).
Configuring Extended ACLs
access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [fragments] [time-range time-range-name] [dscp dscp]
The access-list-number is a decimal number from 100 to 199 or 2000 to 2699.
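The two syntaxes above, run through a small first-match evaluator. This is an added example, not part of any answer on this page and not Cisco code. It handles only a subset of the syntax; the `eq` port operator, the implicit deny at the end of a list, and the sample addresses are not from the page and are constructed for illustration. It shows a standard list dropping all traffic from a subnet while an extended list drops only web traffic to one host.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are ignored when comparing."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A wildcard'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_ace(line):
    """Parse one 'access-list N permit|deny ...' line (subset of the syntax)."""
    t = line.split()
    num, action, rest = int(t[1]), t[2], t[3:]
    extended = 100 <= num <= 199 or 2000 <= num <= 2699
    ace = {"action": action, "proto": "ip", "dst": None, "dport": None}
    if extended:                      # extended entries name the protocol first
        ace["proto"], rest = rest[0], rest[1:]
    ace["src"], rest = take_addr(rest)
    if extended:                      # ...and add destination and optional port
        ace["dst"], rest = take_addr(rest)
        if rest[:1] == ["eq"]:
            ace["dport"] = int(rest[1])
    return ace

def evaluate(acl_lines, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if (ace["proto"] in ("ip", pkt["proto"])
                and wild_match(pkt["src"], *ace["src"])
                and (ace["dst"] is None or wild_match(pkt["dst"], *ace["dst"]))
                and ace["dport"] in (None, pkt.get("dport"))):
            return ace["action"]
    return "deny"

# Constructed sample lists and packets (addresses are illustrative)
STANDARD = ["access-list 10 deny 192.168.1.0 0.0.0.255",
            "access-list 10 permit any"]
EXTENDED = ["access-list 110 deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.10 eq 80",
            "access-list 110 permit ip any any"]
WEB = {"proto": "tcp", "src": "192.168.1.25", "dst": "192.168.2.10", "dport": 80}
SSH = {"proto": "tcp", "src": "192.168.1.25", "dst": "192.168.2.10", "dport": 22}

for name, acl in (("standard", STANDARD), ("extended", EXTENDED)):
    print(name, "web:", evaluate(acl, WEB), "ssh:", evaluate(acl, SSH))
```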
Standard ACLs provide basic packet filtering in which the match is based only on the source IP address.
Extended ACLs allow filtering not only on source address but also on destination addresses, protocol type, and source and destination port numbers.
Standard access list:
A standard ACL is used for full blocking or full permitting, and the identifying number range is from 1-99... and its extended range is
Extended access list:
In an extended access list we can block or permit partially. It works at layers 3 and 4.
Its range is 100-199 and its extended range is
Standard ACL means it blocks a specific series of IPs from another IP block of a gateway. For example, a series of IPs is 192.168.1.x; this block wants to block the 192.168.2.x series from browsing or monitoring. That block is called a standard ACL.
Extended ACL means blocking a host by specific IP address under an application, for example web browsing from a web server. That is when it can be applicable.
ACL extended is more boundary than standard
Standard ACLs provide basic packet filtering in which the match is based only on the source IP address. Only the basic filtering process will be carried out through it.
Extended ACLs allow filtering not only on source address but also on destination addresses, protocol type, and source and destination port numbers. The user-needed ACLs, with the permit and deny as needed, will be carried on this.
A standard ACL can permit or deny traffic based only on the source address(es). Takes numbers 1-99.
An extended ACL can permit or deny traffic based on both the source and destination address(es) as well as TCP/UDP/ICMP traffic types. Takes numbers 100-199.
ACL uses 1-99 as the number to assign the ACL list, whereas extended uses 100-199 for extended.
Apart from that, ACL is for the IP address, whereas extended is used for blocking a particular protocol like www, ftp, snmp, and likewise. Particular service blocking is done by extended ACL.
The main difference between standard and extended ACL is 1-to-many traffic filtering.
As standard can only work on either source IP or destination IP, it is suggested to place it as close as possible to the destination IP.
Extended works on both source and destination IP as well as on some other aspects like protocols and ports; they even make logs too.