This chapter showed you the basics of ACLs. Cisco uses ACLs to implement or enhance many features, including filtering of traffic, restricting access to the router, triggering DDR phone calls, classifying traffic for quality of service (QoS), and many others. ACLs can be difficult to configure and maintain. Therefore, understanding how the Cisco IOS processes ACLs is important when implementing your filters (based on your security policies). Cisco supports many different ACLs for various protocols; however, this book focuses only on the IP variety of ACLs, such as standard, extended, reflexive, lock-and-key, CBAC, and turbo ACLs.

One of the most common things misconfigured in ACLs is the wildcard mask. Wildcard masks are used to match on a range of addresses in an ACL condition. Understanding the use of wildcard masks is paramount in ensuring that you are not opening yourself to security threats.

Next up is Chapter 7, which shows you how to use standard, extended, named, timed, and turbo ACLs.