Options for permit/deny policies
The permit or deny policy for IPv4 traffic you want to filter can be based on source address alone, or on source address plus other IPv4 factors.
- Standard ACL: Uses only a packet's source IPv4 address as a criterion for permitting or denying the packet. For a standard ACL ID, use either a unique numeric string in the range of 1-99 or a unique name string of up to 64 alphanumeric characters.
- Extended ACL: Offers the following criteria as options for permitting or denying a packet:
  - source IPv4 address
  - destination IPv4 address
  - IPv4 protocol options:
    - Any IPv4 traffic
    - Any traffic of a specific IPv4 protocol type (0-255)
    - Any TCP traffic (only) for a specific TCP port or range of ports, including optional use of TCP control bits or control of connection (established) traffic based on whether the initial request should be allowed
    - Any UDP traffic (only) or UDP traffic for a specific UDP port
    - Any ICMP traffic (only) or ICMP traffic of a specific type and code
    - Any IGMP traffic (only) or IGMP traffic of a specific type
Carefully plan ACL applications before configuring specific ACLs.
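The difference between the two ACL types can be checked offline with a small model. The following is an added example, not switch code or vendor syntax: it assumes CIDR notation for addresses, first-match evaluation with an implicit deny at the end, and treats "established" as TCP packets with ACK or RST set. All class and function names and the sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

TCP = 6                          # IPv4 protocol number for TCP
ACK, RST = 0x10, 0x04            # TCP control bits used to model "established"

def valid_standard_id(acl_id: str) -> bool:
    """Standard ACL ID per the text: number 1-99, or a name of up to 64 alphanumerics."""
    if acl_id.isascii() and acl_id.isdigit():
        return 1 <= int(acl_id) <= 99
    return acl_id.isascii() and acl_id.isalnum() and len(acl_id) <= 64

@dataclass
class Packet:
    src: str
    dst: str
    proto: int
    dport: Optional[int] = None
    tcp_flags: int = 0

@dataclass
class Ace:                                       # hypothetical model of one ACL entry
    action: str                                  # "permit" or "deny"
    src: str                                     # the only criterion a standard ACL has
    dst: Optional[str] = None                    # extended only
    proto: Optional[int] = None                  # extended only; None = any IPv4 traffic
    dports: Optional[Tuple[int, int]] = None     # extended only; inclusive port range
    established: bool = False                    # extended only; TCP replies

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dports and (p.dport is None or not self.dports[0] <= p.dport <= self.dports[1]):
            return False
        if self.established and not (p.proto == TCP and p.tcp_flags & (ACK | RST)):
            return False
        return True

def evaluate(acl, p: Packet) -> str:
    """First matching entry decides; a packet matching no entry is denied (assumed)."""
    return next((a.action for a in acl if a.matches(p)), "deny")

# Constructed sample policies: same source subnet, standard vs. extended criteria.
STANDARD = [Ace("permit", "10.10.10.0/24")]
EXTENDED = [Ace("permit", "10.10.10.0/24", "10.10.20.5/32", TCP, (443, 443))]
```

With these samples, the standard ACL permits every packet from 10.10.10.0/24 regardless of destination or port, while the extended ACL permits only TCP port 443 to 10.10.20.5 and denies the rest.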