Extended IP Access List
An extended IP access list is a sequence of statements created in global configuration mode. Each statement is a test that every packet is subjected to, and each statement carries the keyword permit or deny. Whenever an access list tests a packet, one of three things happens.
The three possibilities are as follows:
1. The packet matches the arguments of the statement and the statement contains the word permit. The packet is allowed to travel.
2. The packet matches the arguments of the statement and the statement contains the word deny. The packet is not allowed to travel.
3. The packet does not match the arguments of the statement. It is passed to the next statement to be checked.
access-list 100 permit ip any any
Every access list statement begins with the word access-list, followed by the number that identifies the access list. Extended lists use numbers from 100 to 199. After the number comes the protocol that the statement deals with. Next are the source address and wildcard mask, and then the destination address and wildcard mask.
The following is an extended access list statement:
access-list 100 permit ip 172.16.0.0 0.0.255.255 172.17.0.0 0.0.255.255
The line above permits the 172.16 network to reach the 172.17 network using IP. If you want to be lenient and give permission to everybody, you can type the word any in place of the IP address and wildcard mask. The following statement allows everybody to access the 172.28.2.0 network:
access-list 175 permit ip any 172.28.2.0 0.0.0.255
Another option is the host keyword, which stands for a single address. The list is processed from top to bottom, so be careful about the order in which you place your statements.
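The top-to-bottom processing described above can be modelled in a few lines. This is an added example, not code from the original page: it parses only the "access-list N permit|deny ip SRC DST" form shown here, and the function names and the two sample lists are constructed for illustration.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take(tok):
    """Consume one address spec; return ((address, wildcard), remaining tokens)."""
    if tok[0] == "any":                       # every bit is "don't care"
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":                      # every bit must match
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse_statement(line):
    """Parse 'access-list N permit|deny ip SRC DST' (the only form handled)."""
    tok = line.lower().split()
    if (len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip"
            or tok[2] not in ("permit", "deny") or not 100 <= int(tok[1]) <= 199):
        raise ValueError("unsupported statement: " + line)
    try:
        src, rest = _take(tok[4:])
        dst, rest = _take(rest)
    except IndexError:
        raise ValueError("incomplete statement: " + line) from None
    if rest:
        raise ValueError("trailing tokens: " + line)
    return tok[2], src, dst

def _matches(spec, ip):
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF             # wildcard 1-bits are ignored
    return (_ip(ip) & care) == (addr & care)

def evaluate(acl, src_ip, dst_ip):
    """Return (action, statement number) of the first matching statement."""
    for number, line in enumerate(acl, 1):
        action, src, dst = parse_statement(line)
        if _matches(src, src_ip) and _matches(dst, dst_ip):
            return action, number
    # Standard IOS behaviour, not stated in the text: an implicit deny ends every list.
    return "deny", None

# Constructed sample lists: the same two statements in opposite order.
BROAD_FIRST = [
    "access-list 100 permit ip 172.16.0.0 0.0.255.255 172.17.0.0 0.0.255.255",
    "access-list 100 deny ip host 172.16.5.9 172.17.0.0 0.0.255.255",
]
SPECIFIC_FIRST = BROAD_FIRST[::-1]
```

Calling evaluate(BROAD_FIRST, "172.16.5.9", "172.17.1.1") returns ("permit", 1), so the deny on the second line is never reached; the same call on SPECIFIC_FIRST returns ("deny", 1).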
To apply your access list, go to the interface and use the ip access-group command, where you can specify the direction in which the filtering should take place.