Types of Access Lists

Two major types of access lists exist in Cisco IOS: standard and extended. Standard access lists provide basic filtering capabilities. For example, a standard IP access list only allows the source address of a packet to be used in filtering decisions. Extended access lists allow more granular filtering. For example, an extended IP access list allows packets to be filtered according to source address, destination address, protocol type, port numbers, and so forth. Whether to use a standard or an extended access list depends on what you are trying to accomplish.

For example, if you simply want to deny access to certain hosts based on their IP address, a standard IP access list would suffice. However, if your needs are more specific, and you want to block a certain group of hosts from accessing telnet on a particular server, an extended IP access list is required.

In Cisco IOS, access lists are identified numerically. The number not only uniquely identifies an access list, but also specifies the type of list, based on the numeric range it falls into. The list below outlines the numeric ranges associated with the different types of access lists. Depending on the protocols supported by your IOS, the list may differ, but the number ranges remain the same.

1-99 IP standard access list
100-199 IP extended access list
200-299 Protocol type-code access list
300-399 DECnet access list
400-499 XNS standard access list
500-599 XNS extended access list
600-699 AppleTalk standard access list
700-799 AppleTalk extended access list
800-899 IPX standard access list
900-999 IPX extended access list
1000-1099 IPX SAP access list
1100-1199 Extended 48-bit MAC address access list
1200-1299 IPX summary address access list

Creating an access list with the number “87” would identify the list as an IP standard access list. The number “907” would identify an IPX extended access list. Access lists do not need to be numbered in any specific order; just be sure to give each list a unique number (in the proper range) that you’ll remember.
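The two cases described earlier (denying a host by source address, and blocking a group of hosts from telnet on one server) look like this as numbered lists. This is an added example, not configuration from the original article; the addresses are constructed from documentation ranges, and the interface names and the list numbers 10 and 110 are assumptions chosen from the 1-99 and 100-199 ranges.

```cisco
! --- Standard IP access list (number in 1-99) ---
! Matches on source address only: deny one host, allow everyone else.
! 192.0.2.50 is a constructed example address; 0.0.0.0 is the wildcard
! mask meaning "match this exact host".
access-list 10 deny 192.0.2.50 0.0.0.0
! Every access list ends with an implicit "deny any", so traffic that
! should pass must be permitted explicitly.
access-list 10 permit any
!
! --- Extended IP access list (number in 100-199) ---
! Matches on protocol, source, destination and port: block the hosts
! 192.0.2.64 through 192.0.2.95 (wildcard 0.0.0.31) from telnet (TCP 23)
! on the server 198.51.100.10, and nothing else.
access-list 110 deny tcp 192.0.2.64 0.0.0.31 host 198.51.100.10 eq telnet
! Without this line the implicit deny would drop all other IP traffic.
access-list 110 permit ip any any
!
! --- Apply the lists (interface names are assumptions) ---
! A list filters nothing until it is bound to an interface and direction.
! Only one IP access list can be active per interface per direction.
interface FastEthernet0/1
 description Segment where the server lives (assumed)
 ip access-group 10 out
!
interface FastEthernet0/0
 description Segment where the client hosts live (assumed)
 ip access-group 110 in
!
! Check the entries and their match counters with:
!   show access-lists
```

The standard list cannot express the telnet rule at all, because it has no field for destination, protocol or port; that is the practical difference between the two number ranges.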

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.