15.4 ACL Operation
Section 15: Managing Traffic Using ACLs

An ACL consists of one or more statements or entries. These entries specify which packets the router will drop or accept for further processing. An ACL entry is often referred to as an ACE.

For example, ACL 102 in the program code that follows has four entries that permit TCP traffic with destination port values that match WWW (port 80), Telnet (port 23), FTP (port 21), or FTP data (port 20). The implicit deny statement at the end of the ACL denies all other traffic. Because an ACL denies all data that is not explicitly permitted, an ACL that does not contain at least one permit statement will deny all traffic. For this reason, an ACL must contain at least one permit statement unless your intent is to block all traffic.

    interface ethernet0
     ip access-group 102 in
    !
    access-list 102 permit tcp any any eq www
    access-list 102 permit tcp any any eq telnet
    access-list 102 permit tcp any any eq 21
    access-list 102 permit tcp any any eq 20

The order of the ACL entries is very important. To determine whether to forward or block a packet, Cisco IOS Software compares the packet to each statement, or entry, in the order in which the statements were created. In other words, the software examines the ACL statements from the top down, one statement at a time. After the software finds a match, it stops examining the ACL statements and permits or denies the packet as specified by the matched statement. If the packet does not match any ACL statement, the packet is dropped, due to the implied deny statement at the end of every ACL. The figure provides a visual representation of the process.

The final statement in an ACL is often referred to as the implicit deny statement. The implicit deny statement is not a statement that you see in the ACL but instead refers to the rule that if the ACL does not explicitly permit the traffic, then it is denied.
Because of the implicit deny statement, an ACL should contain at least one permit statement; otherwise, the ACL denies all packets.
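The top-down, first-match evaluation and the implicit deny described above, as an added Python illustration (not Cisco IOS code and not part of the original page). It handles only the entry form used in ACL 102 (permit or deny, a protocol, any any, and an optional eq port); ACL_REORDERED and ACL_DENY_ONLY are constructed variants that show why entry order and at least one permit statement matter.

```python
# Added illustration of top-down, first-match ACL evaluation (not Cisco IOS code).
# Handles only: access-list <n> {permit|deny} <proto> any any [eq <port>]
PORT_NAMES = {"www": 80, "telnet": 23, "ftp": 21, "ftp-data": 20}

def parse_ace(line):
    """Parse one entry (ACE) into (action, protocol, dest_port or None)."""
    tok = line.split()
    if len(tok) not in (6, 8) or tok[0] != "access-list":
        raise ValueError(f"unsupported entry: {line!r}")
    action, proto = tok[2], tok[3]
    if action not in ("permit", "deny") or tok[4:6] != ["any", "any"]:
        raise ValueError(f"unsupported entry: {line!r}")
    if len(tok) == 6:
        return action, proto, None      # no port qualifier: matches any port
    if tok[6] != "eq":
        raise ValueError(f"unsupported operator: {tok[6]!r}")
    port = PORT_NAMES[tok[7]] if tok[7] in PORT_NAMES else int(tok[7])
    return action, proto, port

def evaluate(acl_lines, proto, dport):
    """Return (decision, index of matching entry), index None = implicit deny."""
    for index, line in enumerate(acl_lines):
        action, ace_proto, ace_port = parse_ace(line)
        if ace_proto == proto and ace_port in (None, dport):
            return action, index        # first match wins; later entries are skipped
    return "deny", None                 # no entry matched: implicit deny

ACL_102 = [                             # entries as shown on this page
    "access-list 102 permit tcp any any eq www",
    "access-list 102 permit tcp any any eq telnet",
    "access-list 102 permit tcp any any eq 21",
    "access-list 102 permit tcp any any eq 20",
]
# Constructed variant: a broad deny created first shadows the later permit.
ACL_REORDERED = [
    "access-list 102 deny tcp any any",
    "access-list 102 permit tcp any any eq www",
]
# Constructed variant: no permit statement, so every packet is dropped.
ACL_DENY_ONLY = ["access-list 102 deny tcp any any eq telnet"]

if __name__ == "__main__":
    samples = [("tcp", 80), ("tcp", 23), ("tcp", 25), ("udp", 80)]
    acls = [("102", ACL_102), ("reordered", ACL_REORDERED), ("deny-only", ACL_DENY_ONLY)]
    for name, acl in acls:
        for proto, port in samples:
            print(name, proto, port, evaluate(acl, proto, port))
```

A returned index of None means the packet fell through every entry and was dropped by the implicit deny rather than by a configured statement.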