Testing Packets with Extended ACLs

For more precise traffic-filtering control, extended IPv4 ACLs can be created. Extended ACLs are numbered 100 to 199 and 2000 to 2699, providing a total of 799 possible extended numbered ACLs. Extended ACLs can also be named.

Extended ACLs are used more often than standard ACLs because they provide a greater degree of control. As shown in the figure, extended ACLs check the source addresses of packets, as standard ACLs do, but they also check the destination address, protocol, and port numbers (or services). This provides a greater range of criteria on which to base the ACL. For example, an extended ACL can simultaneously allow email traffic from a network to a specific destination while denying file transfers and web browsing.
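The email/file-transfer/web example above can be modelled as a small packet tester. This is an added example, not part of the original page and not router code; it also shows a source-only check, as a standard ACL would do, for comparison. Assumptions: the addresses, the ACL entries and every function name are constructed for illustration, and the top-down first-match order and the implicit deny at the end are standard ACL behaviour that this page does not state.

```python
import ipaddress
from typing import NamedTuple, Optional

class Ace(NamedTuple):          # one extended ACL entry
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp", or "ip" for any protocol
    src: str                    # source network (CIDR)
    dst: str                    # destination network (CIDR)
    dport: Optional[int]        # destination port, None = any port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: int

LAN = "192.168.10.0/24"         # constructed source network
MAIL = "203.0.113.25/32"        # constructed mail server
ANY = "0.0.0.0/0"

# Constructed ACL: permit email from LAN to one server, deny FTP and web.
ACL = [
    Ace("permit", "tcp", LAN, MAIL, 25),   # SMTP to the mail server only
    Ace("deny", "tcp", LAN, ANY, 20),      # FTP data
    Ace("deny", "tcp", LAN, ANY, 21),      # FTP control
    Ace("deny", "tcp", LAN, ANY, 80),      # HTTP
    Ace("deny", "tcp", LAN, ANY, 443),     # HTTPS
]

def in_net(addr: str, net: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(ace: Ace, pkt: Packet) -> bool:
    """An entry matches only if protocol, source, destination and port all match."""
    return (ace.proto in ("ip", pkt.proto)
            and in_net(pkt.src, ace.src)
            and in_net(pkt.dst, ace.dst)
            and ace.dport in (None, pkt.dport))

def evaluate(acl, pkt: Packet):
    """Return (action, entry index) of the first matching entry, top down."""
    for i, ace in enumerate(acl):
        if matches(ace, pkt):
            return ace.action, i
    return "deny", None          # implicit deny when nothing matches

def standard_verdict(pkt: Packet, permitted_src: str = LAN) -> str:
    """Source-only check, as a standard ACL would do, for comparison."""
    return "permit" if in_net(pkt.src, permitted_src) else "deny"
```

Calling `evaluate(ACL, Packet("tcp", "192.168.10.5", "198.51.100.7", 80))` returns the deny verdict and the index of the entry that matched, while `standard_verdict` gives the same answer for every packet from that host because it sees only the source address.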