Describe the purpose and types of access control lists – Access lists are used to restrict or allow access to traffic via an interface. You may want to allow redirect port 25 (SMTP) to your Exchange server and allow traffic to flow in and out of the port. This is possible with access lists.
There are two types of access lists standard and extended.
Standard
Standard access lists filter based on source IP address. Telnet, Web, SMTP etc cannot be filtered by a standard access list. Standard access-lists can be created between 1-99 and 1300-1999. An example:
configure terminal access-list 1 permit 10.0.0.1 0.0.0.255
Extended
Extended access list can filter by source, destination and port. Extended access lists can be created byween 100-199 and 2000-2699.
configure terminal access-list 100 permit tcp any eq 25 host 10.0.0.1
Both standard and extended access lists can be placed either inbound or outbound on an interface allowing for greater control on what packets can be sent/received.
configure terminal interface s0/0 ip access-group 100 in ip access-group 100 out