Extended Access Control Lists, syntax of access-list IOS command to create an Extended Access Control List (ACL)

Standard Access Control Lists can filter IP traffic based ONLY on the source IP address of an IP packet.

Extended Access Control Lists can filter the traffic based on many other factors.

• Source and destination IP addresses.

• Protocols like IP, TCP, UDP, ICMP etc.

• Protocol information: port numbers for TCP and UDP, or message types for ICMP.

Extended Access Control Lists are created with the "access-list" IOS command. The syntax of the "access-list" IOS command to create an Extended Access Control List is shown below.

Router(config)# access-list [Access_list_number] permit|deny
IP_protocol source_address source_wildcard_mask
[source_protocol_information] destination_address destination_wildcard_mask
[destination_protocol_information] [log]

Access_list_number: For an Extended Access Control List, the access list number must be in the range 100–199 or 2000–2699.

permit | deny: Whether to permit or deny traffic.

IP_protocol: IP protocol to match. The IP protocols can be IP, ICMP, TCP, GRE, UDP, IGRP, EIGRP, IGMP, IPINIP, NOS, and OSPF.

source_address: Source IP address.

source_wildcard_mask: Source wildcard mask.

source_protocol_information: Additional source protocol information, such as TCP or UDP port numbers.

destination_address: Destination IP address.

destination_wildcard_mask: Destination wildcard mask.

destination_protocol_information: Additional destination protocol information, such as TCP or UDP port numbers.

log: Specifies whether logging is required either to console or to a syslog server.

wildcard mask: Instead of specifying a single IP address, you can also permit or deny networks/subnets entirely or partly by using wildcard masks, also known as inverse masks. Wildcard masks are optional in the above IOS command.
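The following Python sketch is an added example, not part of the original tutorial or of IOS itself. It parses one entry written in the syntax above, checks the extended number range, and tests a packet against it using wildcard-mask matching. Assumptions: only the address-plus-wildcard form is handled, port information uses the IOS `eq` operator (not described on this page), and the names `parse_ace`, `matches` and the sample entry are constructed for illustration.

```python
import ipaddress

EXTENDED_RANGES = (range(100, 200), range(2000, 2700))  # number ranges stated above

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_ace(line):
    """Parse 'access-list N permit|deny proto src swild [eq p] dst dwild [eq p] [log]'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError("not an access-list command")
    number = int(tok[1])
    if not any(number in r for r in EXTENDED_RANGES):
        raise ValueError(f"{number} is not an extended ACL number")
    if tok[2] not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    ace = {"number": number, "action": tok[2], "proto": tok[3].lower(), "log": tok[-1] == "log"}
    rest = tok[4:-1] if ace["log"] else tok[4:]
    for side in ("src", "dst"):
        if len(rest) < 2:
            raise ValueError(f"missing {side} address or wildcard mask")
        ace[side], ace[side + "_wild"] = _ip(rest[0]), _ip(rest[1])
        rest = rest[2:]
        ace[side + "_port"] = None
        if rest[:1] == ["eq"] and len(rest) >= 2:
            ace[side + "_port"], rest = int(rest[1]), rest[2:]
    if rest:
        raise ValueError(f"unexpected tokens: {rest}")
    return ace

def _addr_match(addr, base, wild):
    # Wildcard (inverse) mask: 0 bits must match exactly, 1 bits are ignored.
    care = ~wild & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)

def matches(ace, proto, src, dst, sport=None, dport=None):
    # Protocol keyword "ip" matches every IP protocol; others must match by name.
    if ace["proto"] != "ip" and ace["proto"] != proto:
        return False
    if not (_addr_match(src, ace["src"], ace["src_wild"])
            and _addr_match(dst, ace["dst"], ace["dst_wild"])):
        return False
    return ace["src_port"] in (None, sport) and ace["dst_port"] in (None, dport)

# Constructed sample entry: deny Telnet from 192.168.10.0/24 to 10.1.1.5, with logging.
ACE = parse_ace("access-list 101 deny tcp 192.168.10.0 0.0.0.255 10.1.1.5 0.0.0.0 eq 23 log")
```

A wildcard mask of 0.0.0.0 matches exactly one host, while 255.255.255.255 ignores every bit and so matches any address.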
