What Are the IPv4 ACL Types? - Cisco Routers
There are many different ACL types, for example, access control lists for IP version 4, IP version 6, IPX, DECnet, AppleTalk, etc. In this lesson, we discuss IPv4 ACLs on Cisco routers. IPv4 ACLs come in two types: standard access lists and extended access lists.
Standard access-list
Standard access lists permit or deny traffic based only on the source address. They are usually used for server-based filtering. Standard access lists differentiate traffic on a network using the source IP address alone; the port and the destination of the packet are not evaluated.
Standard access lists contain only a list of addresses or address ranges and a statement as to whether access to or from each address is permitted or denied. The command syntax for configuring a standard access list is the following:
Router1(config)# access-list {1-99} {permit | deny} source-addr [source-wildcard]
- The range of the standard access list is from 1 to 99. So, the first value {1-99} specifies the standard ACL number range.
- {permit | deny} specifies whether to permit or deny the configured source IP address traffic.
- The third value is the source IP address of the traffic.
- The last parameter is the wildcard mask, which will be applied to the previously configured IP address to indicate the range. We will discuss the wildcard mask in detail later.
Extended access lists
Extended access lists permit or deny traffic based on source IPv4 address, destination IPv4 address, protocol type, port number (TCP, UDP, etc.) and other features, and are used for packet-based filtering of packets that traverse the network. The command syntax for configuring an extended numbered IPv4 ACL is:
Router(config)# access-list {100-199, 2000 – 2699} {permit | deny} protocol source-addr [source-wildcard] [operator operand] destination-addr [destination-wildcard] [operator operand] [established]
- Just like standard IPv4 ACLs, extended IPv4 ACLs are identified by a number; the extended range is {100-199 or 2000-2699}.
- {permit | deny} specifies whether to permit or deny traffic that matches the criteria that follow.
- The third value specifies the protocol type (IP, TCP, UDP, or another specific IP sub-protocol).
- The source IP address and its wildcard mask determine the traffic source.
- The destination IP address and its wildcard mask indicate the final destination of the network traffic.
When the destination IP address and mask are configured, the port number must also be specified; otherwise, all traffic to that destination will be dropped.
Note: Access lists use permit or deny statements to allow or block packets entering a server or network.
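To make the matching rules above concrete, here is an added example (not code from the original lesson or from Cisco) that parses a small constructed ACL written in the standard and extended syntax shown above, applies the wildcard mask bit by bit, and evaluates packets in first-match order with the implicit deny that ends every ACL. It assumes the extended entries use only the `eq` operator after the destination, and all addresses are hypothetical.

```python
import ipaddress

# Constructed sample ACL in the syntax shown above (hypothetical addresses).
SAMPLE_ACL = """
access-list 10 deny   192.168.1.0 0.0.0.255
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 110 permit tcp 10.0.0.0 0.0.0.255 172.16.5.10 0.0.0.0 eq 443
access-list 110 deny   ip  10.0.0.0 0.0.0.255 172.16.5.0 0.0.0.255
"""

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 1 = 'don't care', bit 0 = 'must match' (inverse of a subnet mask)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == int(ipaddress.IPv4Address(base)) & care

def parse_acl(text, number):
    """Collect the entries of ACL `number` in configuration order (first match wins)."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["access-list", str(number)]:
            continue
        if 1 <= number <= 99:
            # standard: action source [wildcard]; a missing wildcard means an exact host
            swc = tok[4] if len(tok) > 4 else "0.0.0.0"
            entries.append((tok[2], "ip", tok[3], swc, "0.0.0.0", "255.255.255.255", None))
        else:
            # extended: action proto src src-wc dst dst-wc [eq port]  (assumed subset)
            port = int(tok[9]) if len(tok) > 9 and tok[8] == "eq" else None
            entries.append((tok[2], tok[3], tok[4], tok[5], tok[6], tok[7], port))
    return entries

def evaluate(text, number, src, dst, proto="ip", dport=None):
    """Return 'permit' or 'deny' for one packet against ACL `number`."""
    for action, aproto, s, swc, d, dwc, port in parse_acl(text, number):
        if aproto != "ip" and aproto != proto:   # 'ip' entries match every protocol
            continue
        if port is not None and port != dport:   # port given: must match exactly
            continue
        if wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc):
            return action
    return "deny"   # implicit 'deny any' at the end of every ACL

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, 10, "192.168.1.7", "1.2.3.4"))                # deny
    print(evaluate(SAMPLE_ACL, 110, "10.0.0.5", "172.16.5.10", "tcp", 443))  # permit
```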