I'm not sure.
access-list
IP addresses Telnet traffic Upper-layer IP protocols
Access lists are used for limiting traffic, mainly for security purposes. Using an access list you can deny or permit traffic from a source address with a standard access list, or deny or permit traffic by classification of source or destination IP address, or by protocol. The statements are written in sequential order, so the order of statements is very important. We should be clear about what to permit or deny.

Sample config

Standard access-list
Router(config)#access-list 5 <permit> or <deny> <source ip address>

Extended access-list
Router(config)#access-list 111 <permit> or <deny> <protocol> <source ip address> <destination ip address>

After creating an access list, it will not be useful without applying it on the interface where the traffic runs along the path. It should be applied in the inbound or outbound direction of the interface as per our requirement. Most importantly, when you want to make changes, copy the access list to a text editor or Notepad, make the changes there, remove the access-list config from the router, and copy it in fresh from Notepad.
Extended IP Access List
BIG-IP is an Application Delivery Networking system. It provides such services as load balancing, web acceleration, access control, and traffic management.
An IP address that is not on a list. This is in the context of access lists, and there are two primary variants:
Blacklist - block these IP addresses
Whitelist - allow only these IP addresses
Unlisted then means that the IP address is not in the list, which could mean either that it is blocked (if missing from a whitelist) or that it is allowed (if not on a blacklist).
show ip interface
router#show access-lists
Extended IP access list 110
10 deny tcp 172.16.0.0 0.0.255.255 any eq telnet
20 deny tcp 172.16.0.0 0.0.255.255 any eq smtp
30 deny tcp 172.16.0.0 0.0.255.255 any eq http
40 permit tcp 172.16.0.0 0.0.255.255 any
--------------------------------------------------------------
Notice that in this access list, the network 172.16.0.0 0.0.255.255 is specified as the source but the question asks about "HTTP traffic coming from the Internet that is destined for 172.16.12.10", which means 172.16.0.0 0.0.255.255 is the destination network. So in this case there is no match in our access list and the traffic will be dropped because of the implicit deny all at the end of the ACL. It is surely a tricky question!
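The first-match evaluation described in the answer above, as an added example that is not part of the original answer. It models access list 110 with wildcard-mask matching and the implicit deny; the addresses 203.0.113.7, 198.51.100.20 and 172.16.5.9 are constructed sample values.

```python
import ipaddress

# Access list 110 from the answer above: (seq, action, protocol, source, wildcard, dest port).
# Every entry has destination "any", so the destination address is never tested.
ACL_110 = [
    (10, "deny",   "tcp", "172.16.0.0", "0.0.255.255", 23),    # eq telnet
    (20, "deny",   "tcp", "172.16.0.0", "0.0.255.255", 25),    # eq smtp
    (30, "deny",   "tcp", "172.16.0.0", "0.0.255.255", 80),    # eq http
    (40, "permit", "tcp", "172.16.0.0", "0.0.255.255", None),  # no port qualifier
]


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base address."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, proto, src, dst, dst_port):
    """Return (action, seq) for the first matching entry, or the implicit deny."""
    for seq, action, entry_proto, base, wildcard, port in acl:
        if entry_proto != proto:
            continue
        if not wildcard_match(src, base, wildcard):
            continue
        if port is not None and port != dst_port:
            continue
        return action, seq
    # No entry matched: the implicit "deny all" at the end of every ACL applies.
    return "deny", None


if __name__ == "__main__":
    # Constructed packets: (protocol, source, destination, destination port)
    packets = [
        ("tcp", "203.0.113.7", "172.16.12.10", 80),   # Internet -> inside host, HTTP
        ("tcp", "172.16.5.9", "198.51.100.20", 80),   # inside host -> outside, HTTP
        ("tcp", "172.16.5.9", "198.51.100.20", 443),  # inside host -> outside, HTTPS
    ]
    for pkt in packets:
        action, seq = evaluate(ACL_110, *pkt)
        where = f"entry {seq}" if seq is not None else "implicit deny"
        print(pkt, "->", action, f"({where})")
```
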
Remove lines selectively when using named IP access lists
Make subsequent additions at the end of the access list
Every access list should have at least one permit statement
I have discovered that Supervisors can access an IP Block List. This can be found by firstly clicking the warn/block area on the left-hand toolbar. At the bottom of that page there is a link: 'List of blocked IPs and users', to access all users and IP addresses who have been blocked over the last few years.
The command access-list permit ip any any must be added to the last line of an access list to allow all other data packets to enter and exit the router.
Routing