IPv4 Access Control Lists (ACLs)
Configuring and Assigning an IPv4 ACL
Options for Permit/Deny Policies
The permit or deny policy for IPv4 traffic you want to filter can be based on
source address alone, or on source address plus other IPv4 factors.
■ Standard ACL: Uses only a packet's source IPv4 address as a crite-
rion for permitting or denying the packet. For a standard ACL ID, use
either a unique numeric string in the range of 1-99 or a unique name
string of up to 64 alphanumeric characters.
■ Extended ACL: Offers the following criteria as options for permit-
ting or denying a packet:
• source IPv4 address
• destination IPv4 address
• IPv4 protocol options:
– Any IPv4 traffic
– Any traffic of a specific IPv4 protocol type (0-255)
– Any TCP traffic (only) for a specific TCP port or range of ports,
including optional control of connection traffic based on whether
the initial request should be allowed
– Any UDP traffic (only) or UDP traffic for a specific UDP port
– Any ICMP traffic (only) or ICMP traffic of a specific type and code
– Any IGMP traffic (only) or IGMP traffic of a specific type
– Any of the above with specific precedence and/or ToS settings
For an extended ACL ID, use either a unique number in the range of 100-
199 or a unique name string of up to 64 alphanumeric characters.
Carefully plan ACL applications before configuring specific ACLs. For more
on this topic, refer to “Planning an ACL Application” on page 9-24.
ACL Configuration Structure
After you enter an ACL command, you may want to inspect the resulting
configuration. This is especially true where you are entering multiple ACEs
into an ACL. Also, it is helpful to understand the configuration structure when
using later sections in this chapter.
The basic ACL structure includes four elements:
1. ACL identity and type: This identifies the ACL as standard or extended and
shows the ACL name or number.
2. Optional remark entries.
9-35
