
Introduction to Access Control Lists (ACL), Classifications of Access Control Lists (ACL)

Access Control Lists (ACL) are a very powerful security feature of Cisco IOS. By using Access Control Lists (ACL), we can deny unwanted access to the network while allowing internal users appropriate access to necessary services. An Access Control List (ACL) is a set of commands, grouped together (by a number or a name), that is used to filter traffic entering or leaving an interface. The Access Control List (ACL) commands define which traffic is permitted and which is denied.

We have already discussed that an Access Control List (ACL) is a group of statements that define whether packets coming into an interface or leaving an interface are accepted or rejected. The statements are evaluated in sequential, logical order, from the top down. As soon as a statement matches the packet, that statement's action (permit or deny) is applied and the remaining statements are not checked. If the packet matches none of the statements, it is dropped by the implicit "deny any" that IOS places at the end of every Access Control List (ACL). Two consequences follow from this: an ACL that contains only deny statements blocks all traffic on the interface it is applied to, so a useful ACL needs at least one permit statement; and because the first match wins, the order of the statements matters, since a broad statement placed above a more specific one makes the specific statement unreachable. Note also that the implicit deny only takes effect once the ACL has at least one statement (an ACL with no statements that is applied to an interface permits all traffic), and that an outbound ACL does not filter traffic that the router itself generates.

We can classify Access Control Lists (ACL) as

• Numbered and Named Access Control Lists (ACL): A Numbered ACL is identified by a number, which must be unique among the numbered ACLs on the router; a Named Access Control List (ACL) is identified by a unique name.

• Standard and Extended Access Control Lists (ACL): A Standard IP Access Control List (ACL) can be used to filter traffic based only on the source IP address of the IP packet. An Extended Access Control List (ACL) can be used to filter traffic based on source IP address, destination IP address, protocol (TCP, UDP, ICMP etc.) and port numbers.

These two classifications are independent of each other: a named ACL is also either standard or extended, just as a numbered one is.

The following table shows the Access Control List (ACL) types and the number ranges that can be used to number an Access Control List (ACL) of each type:

Access Control List (ACL) Type    Access Control List (ACL) Numbers
IP Standard                       1–99, 1300–1999
IP Extended                       100–199, 2000–2699

This table means that if you want to create a standard IP Access Control List (ACL), you use an Access Control List (ACL) number between 1–99 or 1300–1999, and if you want to create an extended IP Access Control List (ACL), you use a number between 100–199 or 2000–2699. The ranges 1300–1999 and 2000–2699 are the expanded ranges that later IOS releases added to the original ones. The router decides whether an ACL is standard or extended from the number alone, so a statement that specifies a destination address, a protocol or a port cannot be given a number from the standard range.
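The processing rules described earlier (top-down evaluation, first match wins, implicit "deny any") and the standard/extended classification by number in the table above can both be checked with a small evaluator. The following Python block is an added example, not code from the original page or from Cisco; it parses a simplified subset of the IOS `access-list` syntax into ordered entries, classifies each ACL from its number using the ranges in the table, evaluates packets the way the text describes, and goes one step beyond the text by reporting statements that can never match because an earlier statement already covers them. The function names (`acl_type`, `parse_acl`, `evaluate`, `shadowed`), the supported grammar and the two sample ACLs are all assumptions constructed for this example.

```python
# Added example, not code from the page: toy evaluator for Cisco IOS style numbered IP ACLs.
# Parser grammar is a simplified assumption covering only the syntax in the samples below.
import ipaddress
from dataclasses import dataclass
from typing import Optional

STANDARD_RANGES = ((1, 99), (1300, 1999))     # number ranges from the page's table
EXTENDED_RANGES = ((100, 199), (2000, 2699))
MASK32 = 0xFFFFFFFF
ANY = (0, MASK32)  # "any" = address 0.0.0.0 with wildcard 255.255.255.255
_ip = lambda text: int(ipaddress.IPv4Address(text))

def acl_type(number: int) -> str:
    """Classify a numbered IP ACL as 'standard' or 'extended' from its number alone."""
    if any(lo <= number <= hi for lo, hi in STANDARD_RANGES):
        return "standard"
    if any(lo <= number <= hi for lo, hi in EXTENDED_RANGES):
        return "extended"
    raise ValueError(f"{number} is not a valid IP ACL number")

def _parse_addr(tokens):
    """Consume one address spec: 'any' | 'host A.B.C.D' | 'A.B.C.D W.X.Y.Z' (wildcard mask)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]

def _addr_match(spec, value):
    """IOS wildcard semantics: a 0 bit in the wildcard must match, a 1 bit is 'don't care'."""
    addr, wild = spec
    return ((value ^ addr) & ~wild & MASK32) == 0

def _addr_covers(a, b):  # True if every address matching spec b also matches spec a
    (aa, aw), (ba, bw) = a, b
    return ((~aw & bw) & MASK32) == 0 and ((aa ^ ba) & ~aw & MASK32) == 0

@dataclass
class Entry:
    action: str           # "permit" or "deny"
    proto: str            # "ip", "tcp", "udp", "icmp"; standard entries are always "ip"
    src: tuple            # (address, wildcard) as 32-bit ints
    dst: tuple            # ANY for standard entries, which look only at the source
    dport: Optional[int]  # destination port from "eq N", else None
    def matches(self, src, dst, proto, dport):
        if self.proto != "ip" and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return _addr_match(self.src, _ip(src)) and _addr_match(self.dst, _ip(dst))

    def covers(self, other):  # every packet matching `other` also matches self
        return (self.proto in ("ip", other.proto)
                and (self.dport is None or self.dport == other.dport)
                and _addr_covers(self.src, other.src) and _addr_covers(self.dst, other.dst))

def parse_acl(config: str):
    """Parse the 'access-list N ...' lines of one numbered ACL into an ordered entry list."""
    entries = []
    for line in config.strip().splitlines():
        t = line.split()
        if not t or t[0] != "access-list":
            continue
        if acl_type(int(t[1])) == "standard":  # standard syntax: action, source only
            src, _ = _parse_addr(t[3:])
            entries.append(Entry(t[2], "ip", src, ANY, None))
        else:                                  # extended: action, protocol, source, destination [eq port]
            src, rest = _parse_addr(t[4:])
            dst, rest = _parse_addr(rest)
            dport = int(rest[1]) if rest[:1] == ["eq"] else None
            entries.append(Entry(t[2], t[3], src, dst, dport))
    return entries

def evaluate(entries, src, dst, proto="ip", dport=None):
    """Top-down, first-match evaluation. Returns (action, index); index None is the implicit deny."""
    for i, entry in enumerate(entries):
        if entry.matches(src, dst, proto, dport):
            return entry.action, i
    return "deny", None

def shadowed(entries):
    """Indexes of entries that can never match because an earlier entry already covers them."""
    return [j for j in range(len(entries)) if any(entries[i].covers(entries[j]) for i in range(j))]

# Constructed sample ACLs (not from the page); the last line of ACL 110 is a deliberate ordering mistake.
STANDARD_ACL = """
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny host 10.0.0.5
"""
EXTENDED_ACL = """
access-list 110 deny tcp any host 10.0.0.5 eq 23
access-list 110 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 110 permit ip any any
access-list 110 deny ip 192.168.1.0 0.0.0.255 any
"""

if __name__ == "__main__":
    std, ext = parse_acl(STANDARD_ACL), parse_acl(EXTENDED_ACL)
    print(evaluate(std, "172.16.0.1", "8.8.8.8"))                # ('deny', None): implicit deny
    print("unreachable entries in ACL 110:", shadowed(ext))      # [3]
```

The `covers` check is what a practitioner wants before applying an ACL: in the sample, `deny ip 192.168.1.0 0.0.0.255 any` sits below `permit ip any any` and is reported as unreachable, which is exactly the ordering mistake the first-match rule makes easy to commit. Wildcard matching is done with the bit operations IOS uses, so non-contiguous wildcards work as well as subnet-style ones.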

Related Tutorials
• Standard Access Control Lists (ACLs)
• Where should a Standard Access Control List (ACL) be placed
• Access Control List (ACL) - Wildcard Masks
• How to create and configure Standard Access Control Lists (ACLs)
• Extended Access Control Lists (ACLs)
• Where should an Extended Access Control List (ACL) be placed
• Extended Access Control List (ACL) - Operators
• Extended Access Control List (ACL) - TCP and UDP port numbers and names
• Extended Access Control List (ACL)- established Keyword
• How to create and configure Extended Access Control Lists (ACLs)
• How to create and configure Access Control Lists (ACLs) for vty lines (telnet and ssh)
• Named Access Control Lists (ACLs)
• How to create and configure Standard Named Access Control Lists (ACLs)
• How to create and configure Extended Named Access Control List (ACL)
• How to edit a Named Access Control List (ACL) on router