# ACLs

#### - In networking we use ACLs for a variety of reasons. ACLs are typically used to filter traffic on an interface. ACLs on Cisco IOS can filter based on:

- IP address
- Protocols
- Port numbers

#### - ACLs can be used for more than filtering traffic on a link. They can also simply identify data traffic, and that match can then be used by other technologies/protocols. Some examples are QoS, Route Filtering, Route Redistribution, NAT and zone-based firewalls.

#### - On Cisco IOS, ACLs come in different flavors: standard, extended, and named.

<figure><img src="/files/i5THS83wFAc8Pv6ReAJy" alt=""><figcaption><p>ACL Example Diagram</p></figcaption></figure>

## Standard ACLs

#### - Standard ACLs will only let you filter based on the source IP address. Standard ACL numbers range from 1-99 and 1399-1999.

#### - Best practice for standard ACLs is to apply the ACL as close to the destination as possible. The ACEs (Access Control Entries) in standard ACLs will only be based on source IP address.

<figure><img src="/files/aSSL1aL1mTgQOoi4FanK" alt=""><figcaption><p>Standard ACL Example Diagram</p></figcaption></figure>

## Extended ACLs

#### - Extended ACLs give network administrators more granular control over what they can permit/deny. Extended ACLs allow filtering based on protocol and port numbers.

#### - Extended ACL numbers range from 100-199 and 2000-2699.

#### - Best practice for extended ACLs is to apply the ACL as close to the source as possible. Access Control Entries in extended ACLs can be based on source/destination IP, src/dst protocol, and port number.

<figure><img src="/files/1vMIuMrXi3kGyZBLAZpD" alt=""><figcaption><p>Extended ACL Example Diagram</p></figcaption></figure>

## Named ACLs

#### - Named ACLs can be either standard or extended. The main differences are the syntax and how you can edit the ACL on Cisco IOS.

#### - Named ACLs do not need to be specified by a number; they are created and specified using a **"name"** you create as the administrator.
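
#### - The three flavors side by side, as an added example that is not part of the original page. The addresses, router roles, interface names and the ACL name LAN10-TO-SERVER are constructed for illustration.

```cisco
! Constructed lab values (assumptions, not from the page):
!   192.168.10.0/24 = source LAN, 192.168.30.10 = server
!   R1 = router nearest the source, R2 = router nearest the destination

! --- R2: numbered standard ACL, matches on source IP only ---
! Applied outbound on the interface facing the destination, so the
! source LAN is blocked from this segment only, not from everything else.
access-list 10 deny 192.168.10.0 0.0.0.255
! Every ACL ends with an implicit "deny any", so permit the rest explicitly.
access-list 10 permit any
interface GigabitEthernet0/1
 ip access-group 10 out

! --- R1: numbered extended ACL, matches source, destination, protocol, port ---
! Applied inbound on the interface facing the source, so unwanted
! traffic is dropped before it crosses the network.
access-list 110 permit tcp 192.168.10.0 0.0.0.255 host 192.168.30.10 eq 443
access-list 110 deny ip 192.168.10.0 0.0.0.255 host 192.168.30.10
access-list 110 permit ip any any
interface GigabitEthernet0/0
 ip access-group 110 in

! --- R1: the same policy written as a named extended ACL ---
ip access-list extended LAN10-TO-SERVER
 10 permit tcp 192.168.10.0 0.0.0.255 host 192.168.30.10 eq 443
 20 deny ip 192.168.10.0 0.0.0.255 host 192.168.30.10
 30 permit ip any any
! Only one ACL per interface, per direction: this replaces ACL 110 inbound.
interface GigabitEthernet0/0
 ip access-group LAN10-TO-SERVER in

! --- Editing the named ACL in place by sequence number ---
ip access-list extended LAN10-TO-SERVER
 ! Insert SSH access between entries 10 and 20; order matters because
 ! the first matching entry wins.
 15 permit tcp 192.168.10.0 0.0.0.255 host 192.168.30.10 eq 22
 ! Remove a single entry without deleting the whole list.
 no 30
 30 permit ip any any log

! Verify entry order and per-entry match counters:
! show access-lists LAN10-TO-SERVER
```

#### - After any change, check the entry order and match counters with `show access-lists` to confirm the more specific permits sit above the deny they are meant to override.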


