Appendix A: Access Control Lists

Overview

In this Appendix, you learn to:

  • Create and use standard access lists

  • Create and use extended access lists

  • Create and use named access lists

Access control lists (ACLs) are powerful tools that are often at the heart of many other processes. Activities like traffic filtering, packet manipulation, routing update filtering, using the debug ip packet command, and many others use ACLs to make decisions. In each case, the administrator is able to construct a set of test or criteria statements, which are then used to control data flows or limit process scopes. A solid understanding of Cisco ACLs is critical because more devices are using them, including the latest versions of the PIX IOS.

While integral to so many processes, ACLs are often misunderstood by users. In this appendix, you see the two types of ACLs, standard and extended access lists, and we hope to shed some light on how to build and use them. Undoubtedly, someone is wondering, “Isn’t there a third type called named access lists?” Well, yes and no. Yes, there are named access lists, but, no, they aren’t that different from the other two types. They can be either standard or extended lists, the difference being that named access lists use names instead of numbers as identifiers. After you learn about standard and extended lists, you explore the additional benefits and limitations that named lists bring to the table.



