The two types of Cisco IPv4 ACLs are standard and extended.

Note: Cisco IPv6 ACLs are similar to IPv4 extended ACLs and are discussed in a later section.

Standard ACLs

Standard ACLs permit or deny traffic based only on the source IPv4 address. The destination of the packet and the ports involved are not evaluated. The example in Figure 1 allows all traffic from the 192.168.30.0/24 network. Because of the implied "deny any" at the end, this ACL blocks all other traffic. Standard ACLs are created in global configuration mode.

Extended ACLs

Extended ACLs filter IPv4 packets based on several attributes:

In Figure 2, ACL 103 permits traffic originating from any address on the 192.168.30.0/24 network to any IPv4 network if the destination host port is 80 (HTTP). Extended ACLs are created in global configuration mode.
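The following added example (not part of the original course material) models how the two ACLs described above treat the same packets: the standard ACL looks only at the source address, the extended ACL also checks protocol and destination port, and both fall through to the implied "deny any". The ACL number 10, the helper names, and the sample packets are assumptions made for illustration; the parser handles only the two numbered forms shown.

```python
import ipaddress

# Constructed IOS lines matching the page's two descriptions. ACL number 10 is
# an assumption (the page gives no number for the standard ACL); 103 is the page's.
STANDARD = ["access-list 10 permit 192.168.30.0 0.0.0.255"]
EXTENDED = ["access-list 103 permit tcp 192.168.30.0 0.0.0.255 any eq 80"]

def take_addr(tokens):
    """Consume 'any' or '<address> <wildcard>'; return (address, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    return tuple(int(ipaddress.IPv4Address(tokens.pop(0))) for _ in range(2))

def addr_match(ip, spec):
    addr, wild = spec
    # Wildcard bits set to 1 are ignored; all other bits must be equal.
    return (int(ipaddress.IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF == 0

def parse(line):
    """Parse one numbered 'access-list' line (only the forms used above)."""
    t = line.split()
    number, rest = int(t[1]), t[3:]
    ace = {"action": t[2], "proto": "ip", "dst": (0, 0xFFFFFFFF), "dport": None}
    if 100 <= number <= 199 or 2000 <= number <= 2699:   # extended ranges
        ace["proto"] = rest.pop(0)
        ace["src"] = take_addr(rest)
        ace["dst"] = take_addr(rest)
        if rest[:1] == ["eq"]:
            ace["dport"] = int(rest[1])
    else:                                                # standard: source only
        ace["src"] = take_addr(rest)
    return ace

def evaluate(acl_lines, pkt):
    """Return the action of the first matching entry, else the implicit deny."""
    for ace in map(parse, acl_lines):
        if (addr_match(pkt["src"], ace["src"])
                and addr_match(pkt["dst"], ace["dst"])
                and ace["proto"] in ("ip", pkt["proto"])
                and ace["dport"] in (None, pkt["dport"])):
            return ace["action"]
    return "deny"   # implied "deny any" at the end of every ACL

# Constructed sample packets.
WEB = {"src": "192.168.30.15", "dst": "203.0.113.10", "proto": "tcp", "dport": 80}
SSH = {"src": "192.168.30.15", "dst": "203.0.113.10", "proto": "tcp", "dport": 22}
OUTSIDER = {"src": "192.168.10.5", "dst": "203.0.113.10", "proto": "tcp", "dport": 80}
```

Calling `evaluate(STANDARD, SSH)` and `evaluate(EXTENDED, SSH)` shows the practical difference: the standard ACL permits the SSH packet because its source matches, while the extended ACL denies it because the destination port is not 80.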

The commands for ACLs are explained in the next few topics.

Note: Standard and extended ACLs are discussed in more detail later in this chapter.