Configuring standard ACLs

A standard ACL uses only source IPv4 addresses in its ACEs. This type of ACE is useful when you need to:
  • Permit or deny any IPv4 traffic based on source address only.

  • Quickly control the IPv4 traffic from a specific address. This allows you to isolate IPv4 traffic problems generated by a specific device, group of devices, or a subnet threatening to degrade network performance. This gives you an opportunity to troubleshoot without sacrificing performance for users outside of the problem area.

A named, standard ACL is identified by an alphanumeric string of up to 64 characters and is created by entering the Named ACL (nacl) context. A numbered, standard ACL is identified by a number in the range 1 to 99 and is created without leaving the global config context. Note that the CLI command syntax for creating a named ACL differs from the command syntax for creating a numbered ACL. For example, the first pair of entries below illustrates how to create (or enter) a named, standard ACL and add an ACE. The third entry illustrates creating a numbered, standard ACL with the same ACE.

switch(config)# ip access-list standard Test-List
switch(config-std-nacl)# permit host
switch(config)# access-list 1 permit host

Note that once a numbered ACL has been created, it can be accessed using the named ACL method. This is useful if it becomes necessary to edit a numbered ACL by inserting or removing individual ACEs. Inserting or deleting an ACE is done by sequence number, and requires the Named ACL (nacl) context. The switch allows a maximum of 2048 unique ACL identities (IPv4 and IPv6 combined). For more on this topic, see Monitoring shared resources.
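The two points above, that a standard ACE matches on source IPv4 address only and that ACEs are evaluated in sequence-number order (so inserting a deny ahead of an existing permit isolates one misbehaving host, as in the troubleshooting use case), are modelled in this added Python example. It is not switch code or vendor software; the ACL name, the 10.10.10.0/24 subnet and the host addresses are constructed, and CIDR notation is used for subnets instead of the switch's own mask syntax.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Ace:
    """One standard ACE: an action keyed on the source IPv4 address only."""
    seq: int        # sequence number used for insertion/removal in the nacl context
    action: str     # "permit" or "deny"
    source: str     # "any", "host A.B.C.D", or "A.B.C.D/prefix" (example's own notation)

    def matches(self, src_ip: str) -> bool:
        addr = ipaddress.ip_address(src_ip)
        if self.source == "any":
            return True
        if self.source.startswith("host "):
            return addr == ipaddress.ip_address(self.source.split()[1])
        return addr in ipaddress.ip_network(self.source, strict=False)


@dataclass
class StandardAcl:
    """Named or numbered standard ACL; first matching ACE in sequence order wins."""
    name: str
    aces: list = field(default_factory=list)

    def add(self, seq: int, action: str, source: str) -> None:
        # Insert by sequence number rather than append, mirroring the nacl context.
        self.aces = sorted(self.aces + [Ace(seq, action, source)], key=lambda a: a.seq)

    def remove(self, seq: int) -> None:
        self.aces = [a for a in self.aces if a.seq != seq]

    def evaluate(self, src_ip: str):
        for ace in self.aces:
            if ace.matches(src_ip):
                return ace.action, ace.seq
        return "deny", None   # no ACE matched: the implicit deny at the end of every ACL


def demo():
    acl = StandardAcl("Test-List")                  # constructed: same name as the page's example
    acl.add(10, "permit", "10.10.10.0/24")          # constructed sample subnet
    before = acl.evaluate("10.10.10.147")           # matched by seq 10 -> permit
    acl.add(5, "deny", "host 10.10.10.147")         # isolate one misbehaving device ahead of the permit
    after = acl.evaluate("10.10.10.147")            # now matched by seq 5 -> deny
    neighbour = acl.evaluate("10.10.10.20")         # rest of the subnet is still permitted
    outside = acl.evaluate("192.0.2.9")             # unmatched source hits the implicit deny
    return before, after, neighbour, outside
```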