10.1 Access Lists
10.1.1 Standard and extended access list syntax
An IP access list is a sequential collection of permit and deny conditions that apply to IP addresses or upper-layer IP protocols. There are two types of IP access lists: standard and extended. Cisco IOS also supports access lists for numerous other protocols, as shown in Figure . The following sections focus on standard and extended IP access lists, including:
  • a named list configuration
  • a time-based extended list configuration
  • access list remarks (descriptions)
  • access list application

Standard IP access lists (numbered 1 to 99 and 1300 to 1999) filter based on source address only. The syntax for a standard list is relatively straightforward (see Figure ).

Extended IP access lists (numbered 100 to 199 and 2000 to 2699) offer more control than standard access lists by filtering based on source address, destination address, or protocol characteristics. The command syntax for an extended list is far more complex than that for a standard list. Figure presents a simplified syntax. A look at each of the parameters in this syntax is beyond the scope of this chapter, although the keywords time-range and established are discussed in the sections that follow.
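
The following Python sketch is an added example, not part of the original chapter or of Cisco IOS. It classifies a numbered list by the ranges above and evaluates entries in order, first match wins. The sample lists and addresses are constructed; wildcard-mask matching and the implicit deny at the end of a list are standard IOS behaviour, and port operators, established and time-range are deliberately not handled.

```python
import ipaddress

def acl_type(number):
    """Classify a numbered IP access list by the ranges given in the text."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    raise ValueError(f"{number} is not a numbered IP access list")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tokens):
    """Consume 'any', 'host A', 'A WILDCARD' or a bare 'A'; return (addr, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0)) if tokens else 0

def parse(line):
    """Parse one 'access-list N permit|deny ...' line (no port or option keywords)."""
    keyword, number, action, *rest = line.split()
    if keyword != "access-list" or action not in ("permit", "deny"):
        raise ValueError(f"unsupported line: {line}")
    if acl_type(int(number)) == "standard":
        proto, src, dst = "ip", _addr(rest), (0, 0xFFFFFFFF)  # source address only
    else:
        proto = rest.pop(0)
        src, dst = _addr(rest), _addr(rest)
    if rest:
        raise ValueError(f"unsupported trailing keywords: {rest}")
    return action, proto, src, dst

def _hit(ip, spec):
    addr, wildcard = spec
    return (_ip(ip) ^ addr) & ~wildcard & 0xFFFFFFFF == 0  # wildcard 1-bits are ignored

def evaluate(lines, src, dst, proto):
    """Return the action of the first matching entry, top to bottom."""
    for action, e_proto, e_src, e_dst in map(parse, lines):
        if e_proto in ("ip", proto) and _hit(src, e_src) and _hit(dst, e_dst):
            return action
    return "deny"  # IOS ends every access list with an implicit deny

# Constructed sample lists (addresses are illustrative).
STANDARD = ["access-list 10 deny 192.168.1.66",
            "access-list 10 permit 192.168.1.0 0.0.0.255"]
EXTENDED = ["access-list 110 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5",
            "access-list 110 deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255",
            "access-list 110 permit ip any any"]
```

Because evaluation stops at the first match, swapping the two entries of list 10 would permit 192.168.1.66, so the more specific entry has to come first.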