Access control lists (ACLs) can be used for filtering and identifying network traffic. ACLs are composed of rules that either permit or deny traffic based on conditions like source/destination addresses, protocols, and port numbers. Numbered ACLs range from 1-99 for standard IP and 100-199 for extended IP. Named ACLs have no number limit. Standard ACLs filter based only on source IP while extended ACLs examine both source and destination addresses, protocol, and port numbers.

1. Chapter -11
ACCESS CONTROL LIST
Access Control list can be used for two purposes on Cisco devices:
1. To filter traffic
2. To identify traffic
3. To maintain logs

2. ACCESS LIST
Access lists are a set of rules , organized in a rule table. Each rule or line
in an access-list provides a condition, either permit or deny.
• When using an access-list to filter traffic, a permit statement is used to
allow traffic, while a deny statement is used to block traffic.
• Similarly when using an access list to identify traffic, a permit statement
is used to include traffic. While a deny statement states that the traffic
should not be included.

3. ACCESS LIST
Filtering traffic is the primary use of access lists. However ,
there are several instances when it is necessary to identify
traffic using ACLs , including:
• Identifying interesting traffic to bring up an ISDN link or VPN tunnel.
• Identifying routes to filter or allow in routing updates
• Identifying Traffic for QoS purposes

4. ACCESS LIST
TYPES OF ACCESS LIST:
Two categories of access list: numbered and named.
Numbered access list are broken down into several ranges,
1-99 IP Standard access list
100- 199 IP extended access list
1300- 1999 IP Standard access list [expanded range]
2000 - 2699 IP Extended access list[extended range ]

5. ACCESS LIST
TYPES OF ACCESS LIST:
Two categories of access list: numbered and named.
Named access list are broken down into two types,
IP Standard named access list
IP extended named access list
You can make limitless named access list in this .or you can say infinite.

6. ACCESS LIST
Wild Card Masks
IP access –lists use wildcard masks to determine two things:
1. Which part of an address must match exactly
2. Which part of an address can match any number
Used for the filtering the traffic allow /deny
Opposite of subnet mask
255.255.0.0 subnet mask
0.0.255.255 wildcard mask

7. ACCESS LIST
Reflective access list
Only internal traffic move outside but outer not able to enter
[in reflective outer traffic able to enter with matching the source record]
It works as a watch guard

8. ACCESS LIST
STANDARD ACCESS LIST
As close to destination
ALL DECISION BASED ON THE SOURCE IP ADDRESS , THEY DON’T DISTINGUISH BETWEEN
ANY OF THE MANY TYPES OF IP TRAFFIC SUCH AS WEB, TELNET , SO ON

9. ACCESS LIST
EXTENDED ACCESS LIST
As close to source
ALL DECISION BASED ON THE SOURCE AND DESTINATION IP ADDRESS , , THE PROTOCOL
FIELD IN THE NETWORK LAYER HEADER AND PORT NUMBER AT THE TRANSPORT LAYER
HEADER

10. Inbound Access List:
When an access list is applied to inbound packets on an interface those packets are
processed through the access list before being routed to the outbound packet.
Outbound Access List:
When an access list is applied to outbound packets on an interface being routed to the
outbound interface and those packets are processed through the access list
ACCESS LIST
Test
Permit 10.0.0.1
Permit 20.0.0.1
Deny all
On single router on particular interface we can only make single ACL
Per interface [sub interface]
Per direction [in / out]
Per protocol [ip / ipx]
On router you can make number of ACLs