What is IPv4 ACLs Type -Cisco Routers

There are many different IPv4 ACLs types, for example, access control lists for IP version 4, for IP version 6, for IPX, for DECnet, AppleTalk, etc. In this lesson, we are going to discuss IPv4 ACLs for Cisco. IPv4 ACLs have two different types, standard access list and extended access list.

Standard access-list

Standard access lists permit or deny traffic only based on source addresses. Usually, standard access lists have used for server-based filtering. Standard access lists differentiate routes on a network using the IP address. The port and destination of the packet not evaluated.

Standard access lists only contain a list of addresses or addresses ranges and a statement as to whether access to or from; that address is permitted or denied. The command syntax for configuring standard access list is the following:

Router1(config)# access-list {1-99} {permit | deny} source-addr [source-wildcard]

  • The range of the standard access list is from 1 to 99. So the first value {1-99} specifies the standard ACL number range.
  • {permit | deny} specifies whether to permit or deny the configured source IP address traffic.
  • The third value is the source IP address of the traffic.
  • The last parameter is the wildcard mask to be applied to the previously configured IP address to indicate the range. We will discuss the wildcard mask in detail later.

Extended access lists

Extended access lists permit or deny traffic based on source IPv4 addresses, destination IPv4 addresses, protocol type, port (TCP, UDP, etc) and other features and are used for packet-based filtering for packets that traverse the network. The command syntax for configuring an extended numbered IPv4 ACLs are:

Router(config)# access-list {100-199, 2000 – 2699} {permit | deny} protocol source-addr [source-wildcard] [operator operand] destination-addr [destination-wildcard] [operator operand] [established]

  • Just like the standard IPv4 ACLs, the range of extended IPv4 ACLs starts from {100-199 or 2000 – 2699}.
  • {permit | deny} value specifies whether to permit or deny according to the criteria followed.
  • The third value specifies the protocol type ( IP, TCP, UDP, and other specific IP sub-protocols).
  • The source IP address and wildcard mask determine traffic source.
  • The destination IP address and its wildcard mask indicate the final destination of the network traffic.

When the destination IP address and mask are configured, the port number must be specified, otherwise, all traffic to that destination will be dropped.

Note:- Access lists use the deny or permit statement for allowed or denied packet entry into a server or network.