Options for permit/deny policies

The permit or deny policy for IPv4 traffic you want to filter can be based on source address alone, or on source address plus other IPv4 factors.

  • Standard ACL: Uses only a packet's source IPv4 address as a criterion for permitting or denying the packet. For a standard ACL ID, use either a unique numeric string in the range of 1-99 or a unique name string of up to 64 alphanumeric characters.

  • Extended ACL: Offers the following criteria as options for permitting or denying a packet:
    • source IPv4 address

    • destination IPv4 address

    • IPv4 protocol options:
      • Any IPv4 traffic

      • Any traffic of a specific IPv4 protocol type (0-255)

      • Any TCP traffic (only) for a specific TCP port or range of ports, optionally using TCP control bits or controlling connection (established) traffic based on whether the initial request should be allowed

      • Any UDP traffic (only) or UDP traffic for a specific UDP port

      • Any ICMP traffic (only) or ICMP traffic of a specific type and code

      • Any IGMP traffic (only) or IGMP traffic of a specific type

    For an extended ACL ID, use either a unique number in the range of 100-199 or a unique name string of up to 64 alphanumeric characters.

Carefully plan ACL applications before configuring specific ACLs.
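
The following Python model is an added example, not vendor code or switch syntax. It shows how a standard ACL, which sees only the source address, permits traffic that an extended ACL can separate by destination, protocol, port, and established state. The class and function names, the sample addresses, first-match evaluation with a default deny, and the reading of "established" as a TCP packet with ACK or RST set are all assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17  # IPv4 protocol numbers

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: int = 0
    flags: frozenset = frozenset()  # TCP control bits set, e.g. {"SYN"}

@dataclass(frozen=True)
class Entry:
    action: str                     # "permit" or "deny"
    src: str                        # source network; a standard ACL's only criterion
    dst: str = "0.0.0.0/0"          # extended only
    proto: Optional[int] = None     # extended only; None = any IPv4 traffic
    dports: tuple = (0, 65535)      # extended only; TCP/UDP port range
    established: bool = False       # extended only; TCP

def inside(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(e, p, extended):
    if not inside(p.src, e.src):
        return False
    if not extended:
        return True  # standard ACL: source address alone decides
    if not inside(p.dst, e.dst) or e.proto not in (None, p.proto):
        return False
    if e.proto in (TCP, UDP) and not e.dports[0] <= p.dport <= e.dports[1]:
        return False
    # Assumption: "established" = TCP packet with ACK or RST set.
    return not e.established or bool(p.flags & {"ACK", "RST"})

def evaluate(entries, p, extended):
    # Assumption: first matching entry wins; unmatched traffic is denied.
    return next((e.action for e in entries if matches(e, p, extended)), "deny")

# Constructed sample policies and packets.
STANDARD = [Entry("permit", "10.1.0.0/24")]
EXTENDED = [Entry("permit", "10.1.0.0/24", "192.0.2.10/32", TCP, (443, 443)),
            Entry("permit", "192.0.2.0/24", "10.1.0.0/24", TCP, established=True)]
HTTPS = Packet("10.1.0.5", "192.0.2.10", TCP, 443, frozenset({"SYN"}))
TELNET = Packet("10.1.0.5", "192.0.2.10", TCP, 23, frozenset({"SYN"}))
REPLY = Packet("192.0.2.10", "10.1.0.5", TCP, 50000, frozenset({"ACK"}))
NEW_IN = Packet("192.0.2.10", "10.1.0.5", TCP, 22, frozenset({"SYN"}))
```

Evaluating `TELNET` against `STANDARD` returns a permit because the source matches, while `EXTENDED` denies it and still permits `HTTPS` and the `REPLY` packet.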