Creating Extended ACLs
Extended ACLs are sometimes the preferred choice because, unlike standard ACLs, they let you filter specific traffic types. Numbered extended ACLs use the following number ranges:
- 100 to 199
- 2,000 to 2,699
To create a numbered extended ACL on a Cisco IOS router, use the access-list global configuration command followed by a number in the range 100 to 199 or 2,000 to 2,699.
The following is the full syntax used to create a numbered extended ACL:
Router(config)# access-list access-list-number {deny | permit | remark} protocol source source-wildcard [operator port-number-or-name] destination destination-wildcard [operator port-number-or-name]
The following describes the parts of this syntax that are new compared with a standard ACL:
- Protocol: Specifies the protocol type, such as IP, ICMP, TCP, or UDP.
- Operator: Used to compare the source or destination ports. The eq operator means equal,...
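To make the syntax above and the eq operator concrete, here is an added example (not code from the original page or from Cisco) that parses numbered extended ACL entries of that shape, checks the number ranges, applies wildcard masks, and evaluates packets top-down with the implicit deny that ends every Cisco ACL. The sample ACL, addresses and ports are constructed for illustration; only the eq operator is handled.

```python
# Added example (not from the page): matcher for numbered extended ACLs in the syntax
# above: number-range check, wildcard masks, "eq" operator, first match, implicit deny.
import ipaddress

EXTENDED_RANGES = ((100, 199), (2000, 2699))
def is_extended_number(n):
    """True if n lies in one of the numbered extended ACL ranges."""
    return any(lo <= n <= hi for lo, hi in EXTENDED_RANGES)
def _ip(s):
    return int(ipaddress.IPv4Address(s))
def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' -> (addr, wildcard) ints."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF          # wildcard bit 1 = ignore this address bit
    if tok == "host":
        return _ip(tokens.pop(0)), 0  # 'host' is shorthand for wildcard 0.0.0.0
    return _ip(tok), _ip(tokens.pop(0))
def _port(tokens):
    """Consume an optional 'eq <port>' (the only operator handled here)."""
    if not tokens or tokens[0] != "eq":
        return None
    del tokens[0]
    return int(tokens.pop(0))
def parse_ace(line):
    """Parse 'access-list N {permit|deny} proto src [eq p] dst [eq p]' into a dict."""
    t = line.split()
    if t[0] != "access-list" or not is_extended_number(int(t[1])):
        raise ValueError(f"not a numbered extended ACL entry: {line}")
    if t[2] not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    rest = t[4:]
    src, src_wc = _addr(rest); sport = _port(rest)
    dst, dst_wc = _addr(rest); dport = _port(rest)
    return dict(number=int(t[1]), action=t[2], proto=t[3].lower(), src=src,
                src_wc=src_wc, sport=sport, dst=dst, dst_wc=dst_wc, dport=dport)
def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """Walk the ACL top-down; the first matching entry decides, else implicit deny."""
    for a in acl:
        if (a["proto"] in ("ip", proto)
                and (_ip(src) | a["src_wc"]) == (a["src"] | a["src_wc"])
                and (_ip(dst) | a["dst_wc"]) == (a["dst"] | a["dst_wc"])
                and a["sport"] in (None, sport) and a["dport"] in (None, dport)):
            return a["action"]
    return "deny"

# Constructed sample: LAN hosts may reach web port 80 anywhere; all else is denied.
SAMPLE_ACL = [parse_ace(l) for l in (
    "access-list 110 permit tcp 192.168.1.0 0.0.0.255 any eq 80",
    "access-list 110 deny ip any any")]
```

Note that a list containing only the permit entry still denies unmatched traffic, which is the implicit deny at work.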