The document discusses creating and configuring extended IP access lists (EACLs) to filter network traffic based on source/destination IP addresses and protocol/port numbers. It explains that EACLs operate in the network and transport layers and must be applied to interfaces closest to the traffic source. The summary provides the key objectives and functionality of EACLs.
3. IP Packet
From TCP/IP Protocol Suite, p. 180, by Behrouz Forouzan, McGraw-Hill
www.cbtvid.com
Extended ACL Page 3
4. TCP Segment
From TCP/IP Protocol Suite, p. 282, by Behrouz Forouzan, McGraw-Hill
5. Extended ACL
• Can filter by source IP address, destination IP address, protocol type, and application port number
• This granularity allows you to design extended IP access lists that:
○ Permit or deny a single type of IP protocol
○ Filter by a particular port of a particular protocol
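
The four match fields listed above can be seen working together in a small evaluator. This is an added example, not part of the original slides: the ACL number 101 and all addresses are constructed, only the `eq` port operator with numeric ports is handled, and the wildcard-mask, first-match and implicit-deny behaviour it models is standard Cisco IOS behaviour rather than something the slides state.

```python
import ipaddress

# Constructed sample ACL (number 101 and all addresses are made up for this example).
SAMPLE_ACL = """
access-list 101 permit tcp 192.168.10.0 0.0.0.255 host 10.1.1.5 eq 80
access-list 101 deny tcp 192.168.10.0 0.0.0.255 any eq 23
access-list 101 permit icmp any any
"""

def _to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (_to_int(tok.pop(0)), 0)
    return (_to_int(first), _to_int(tok.pop(0)))

def _take_port(tok):
    """Consume an optional 'eq N' port qualifier; None means any port."""
    if tok and tok[0] == "eq":
        tok.pop(0)
        return int(tok.pop(0))
    return None

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()[2:]              # drop "access-list <number>"
        action, proto = tok.pop(0), tok.pop(0)
        src, sport = _take_addr(tok), _take_port(tok)
        dst, dport = _take_addr(tok), _take_port(tok)
        rules.append((action, proto, src, sport, dst, dport))
    return rules

def _ip_match(ip, spec):
    addr, wild = spec                       # wildcard bits set to 1 are ignored
    return (_to_int(ip) | wild) == (addr | wild)

def evaluate(rules, proto, src, dst, sport=None, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for action, r_proto, r_src, r_sport, r_dst, r_dport in rules:
        if (r_proto in ("ip", proto)
                and _ip_match(src, r_src) and _ip_match(dst, r_dst)
                and r_sport in (None, sport) and r_dport in (None, dport)):
            return action
    return "deny"                           # implicit deny at the end of every ACL
```

Traffic that matches no entry, such as a UDP DNS query in this sample, falls through to the implicit deny, which is why a permit entry is needed for every flow that should pass.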
6. EACL
• An extended ACL must be configured on the router or firewall closest to the source
• Extended ACLs must be applied to the interface closest to the source
8. Summary
• Extended ACLs work in the third and fourth layers of the OSI Reference Model.
• Extended ACLs work by checking the source and destination IP addresses and ports.