Cisco Access Control Lists (ACLs) filter traffic on a router or switch interface according to given criteria. Based on the conditions supplied by the ACL, a packet is either allowed or blocked from further movement. Cisco ACLs are available for several types of routed protocols, including IP, IPX, AppleTalk, XNS, DECnet, and others. However, we will discuss only ACLs pertaining to the TCP/IP protocol. ACLs for TCP/IP traffic filtering are primarily divided into two types:
  • Standard Access Lists
  • Extended Access Lists
      
    Standard Access Control Lists: Standard IP ACLs range from 1 to 99. A standard access list allows you to permit or deny traffic FROM specific IP addresses. The destination of the packet and the ports involved can be anything.
    The command syntax of a standard ACL is:
    access-list access-list-number {permit|deny}
    {host|source source-wildcard|any}
      

    Extended Access Control Lists: Extended IP ACLs allow you to permit or deny traffic from specific IP addresses to a specific destination IP address and port. They also give you granular control by letting you specify different types of protocols, such as ICMP, TCP, and UDP, within the ACL statements. Extended IP ACLs range from 100 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs began to use additional numbers (2000 to 2699).
    The syntax for an IP extended ACL is given below:

    access-list access-list-number {deny | permit} protocol source source-wildcard
    destination destination-wildcard [precedence precedence]
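
The two forms above, evaluated side by side in an added Python example (not code from the original page): it parses entries in the syntax shown, matches addresses against wildcard masks, and applies the first matching entry, falling back to the implicit deny that ends every IOS ACL. The function names and sample addresses are constructed for illustration; ports and the precedence option are not modelled.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # wildcard bit 1 = "don't care", so this matches every address

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A wildcard'; return (address, wildcard) as ints."""
    word = tokens.pop(0)
    if word == "any":
        return ANY
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_entry(line):
    """Parse one access-list line in the standard or extended form shown above."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("not an access-list entry: " + line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99:  # standard: source only, any protocol, any destination
        return {"action": action, "proto": "ip", "src": take_addr(rest), "dst": ANY}
    if 100 <= number <= 199 or 2000 <= number <= 2699:  # extended ranges from the text
        proto = rest.pop(0)
        return {"action": action, "proto": proto,
                "src": take_addr(rest), "dst": take_addr(rest)}
    raise ValueError("ACL number outside the ranges given in the text: " + line)

def matches(addr, rule):
    base, wildcard = rule
    # Compare only the bits whose wildcard bit is 0.
    return ((int(ipaddress.IPv4Address(addr)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(entries, proto, src, dst):
    """Return the action of the first matching entry; no match means implicit deny."""
    for e in entries:
        if e["proto"] in ("ip", proto) and matches(src, e["src"]) and matches(dst, e["dst"]):
            return e["action"]
    return "deny"

# Constructed sample lists (addresses are illustrative private ranges).
STANDARD = [parse_entry(l) for l in (
    "access-list 10 deny host 192.168.1.50",
    "access-list 10 permit 192.168.1.0 0.0.0.255",
)]
EXTENDED = [parse_entry(l) for l in (
    "access-list 110 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5",
    "access-list 110 deny ip any any",
)]
```

The standard list permits 192.168.1.77 to any destination over any protocol, while the extended list permits the same host only for TCP to 10.0.0.5.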