2. There are two types of access lists:
1. standard access lists -
With standard access lists, you can filter only on the source
IP address of a packet.
These types of access list are not as powerful as extended
access lists, but they are less processor intensive for the
router.
4. Let's say that server S1 holds some important documents
that need to be available only to company's management.
We could configure an access list on R1 to enable access to
S1 only to users from the management network.
All other traffic going to S1 will be blocked.
This way, we can ensure that only authorized user can
access sensitive files on S1.
5. 2. extended access lists -
With extended access lists, you can be more precise in your
filtering.
You can evaluate source and destination IP addresses, type
of layer 3 protocol, source and destination port... Extended
access lists are harder to configure and require more
processor time than the standard access lists, but they allow
a much more granular level of control.
7. We have used the standard access list to prevent all users to
access server S1.
But, with that configuration, we have also disable access to
S2! To be more specific, we can use extended access lists.
Let's say that we need to prevent users from accessing
server S1.
We could place an extended access list on R1 to prevent
users from accessing S1.
That why, no other traffic is forbidden, and users can still
access the other server, S2: