Cisco Access Control Lists Notes

This is part of the Cisco Notes series on Mike’s World News

Standard Access Control Lists (ACLs) are 1-99 and 1300-1999.
Extended ACLs are 100-199 and 2000-2699.

Standard ACLs are typically placed close to the destination.
Extended ACLs are typically placed close to the source.
I remember this as: SD/ES

Standard ACLs can only be used to define the source of the traffic.
Extended ACLs can be used to define both the source and the destination of the traffic.

Standard ACLs only define IP traffic.
Extended ACLs can define TCP, UDP, ICMP, and IP, as well as various other IP protocols (including EIGRP, IGRP, ESP, IGMP, OSPF) and other protocols in the TCP/IP family.

You can only have one ACL per protocol, per interface, per direction.

Access-Class is used for VTY (Telnet/SSH) lines.

The last line of all ACLs is an implicit deny, so make sure you add some permits to the ACL or you will be blocking all traffic.

ACLs use a wildcard mask, which is kind of like an inverted subnet mask: a 0 bit means "this bit must match", a 1 bit means "ignore this bit".
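To make the rules above concrete (the number ranges, source-only matching for standard ACLs, wildcard masks, first-match-wins ordering and the implicit deny at the end), here is a small Python model of how IOS evaluates a numbered ACL. This is an added example written for these notes, not Cisco code and not from the original post; the names `wildcard_mask`, `Entry`, `NumberedAcl` and `demo`, and the sample addresses, are my own constructions. It goes slightly beyond the text by also rejecting an extended-style entry added to a standard ACL number.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional


def wildcard_mask(prefix_len: int) -> str:
    """Cisco wildcard mask for a prefix length: the bitwise inverse of the subnet mask.
    /24 -> 0.0.0.255, /32 -> 0.0.0.0 (single host), /0 -> 255.255.255.255 (any)."""
    return str(IPv4Network(f"0.0.0.0/{prefix_len}").hostmask)


def matches(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard match: every bit that is 0 in the wildcard must equal the base address."""
    a = int(IPv4Address(addr))
    b = int(IPv4Address(base))
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF   # 1 = bit must match
    return (a & care) == (b & care)


def acl_kind(number: int) -> str:
    """Classify a numbered IPv4 ACL by the ranges given in the notes."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    raise ValueError(f"{number} is not a numbered IPv4 ACL")


@dataclass
class Entry:
    """One access control entry (ACE). Standard ACLs may only set action/src/src_wc."""
    action: str                      # "permit" or "deny"
    src: str
    src_wc: str
    proto: str = "ip"                # "ip" matches every IP protocol
    dst: Optional[str] = None
    dst_wc: Optional[str] = None
    dst_port: Optional[int] = None   # hypothetical simplification: only 'eq <port>'


class NumberedAcl:
    def __init__(self, number: int) -> None:
        self.number = number
        self.kind = acl_kind(number)
        self.entries: List[Entry] = []

    def add(self, entry: Entry) -> None:
        if self.kind == "standard" and (
            entry.proto != "ip" or entry.dst is not None or entry.dst_port is not None
        ):
            raise ValueError("standard ACLs can only match on the source address")
        self.entries.append(entry)

    def evaluate(self, src: str, dst: str, proto: str = "ip",
                 dst_port: Optional[int] = None) -> str:
        """Walk the list top to bottom; the first matching entry decides."""
        for e in self.entries:
            if e.proto != "ip" and e.proto != proto:
                continue
            if not matches(src, e.src, e.src_wc):
                continue
            if e.dst is not None and not matches(dst, e.dst, e.dst_wc):
                continue
            if e.dst_port is not None and e.dst_port != dst_port:
                continue
            return e.action
        return "deny"   # the implicit 'deny any' at the end of every ACL


def demo() -> dict:
    """Constructed scenario: LAN 192.168.1.0/24 talking to a server at 10.0.0.5."""
    # Standard ACL 10: permit the LAN; anything else falls through to the implicit deny.
    acl10 = NumberedAcl(10)
    acl10.add(Entry("permit", "192.168.1.0", wildcard_mask(24)))

    # Extended ACL 110: block LAN ICMP to the server, allow HTTPS; SSH is not listed,
    # so it is dropped by the implicit deny even though nothing explicitly denies it.
    acl110 = NumberedAcl(110)
    acl110.add(Entry("deny", "192.168.1.0", "0.0.0.255", proto="icmp",
                     dst="10.0.0.5", dst_wc="0.0.0.0"))
    acl110.add(Entry("permit", "192.168.1.0", "0.0.0.255", proto="tcp",
                     dst="10.0.0.5", dst_wc="0.0.0.0", dst_port=443))

    return {
        "std_lan":   acl10.evaluate("192.168.1.77", "10.0.0.5"),
        "std_other": acl10.evaluate("192.168.2.77", "10.0.0.5"),
        "ext_https": acl110.evaluate("192.168.1.77", "10.0.0.5", "tcp", 443),
        "ext_icmp":  acl110.evaluate("192.168.1.77", "10.0.0.5", "icmp"),
        "ext_ssh":   acl110.evaluate("192.168.1.77", "10.0.0.5", "tcp", 22),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The `ext_ssh` case is the one to watch in practice: an ACL that lists only what you thought about will silently drop everything else, which is exactly the "add some permits or you block all traffic" warning above. An empty `NumberedAcl` applied to an interface returns `deny` for every packet for the same reason.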
