Options for permit/deny policies
The permit or deny policy for IPv4 traffic you want to filter can be based on source address alone, or on source address plus other IPv4 factors.
Standard ACL: Uses only a packet's source IPv4 address as a criterion for permitting or denying the packet. For a standard ACL ID, use either a unique numeric string in the range of 1-99 or a unique name string of up to 64 alphanumeric characters.
- Extended ACL: Offers the following criteria as options for permitting or denying a packet:
source IPv4 address
destination IPv4 address
- IPv4 protocol options:
Any IPv4 traffic
Any traffic of a specific IPv4 protocol type (0-255)
Any TCP traffic (only) for a specific TCP port or range of ports, including optional use of TCP control bits or control of connection (established) traffic based on whether the initial request should be allowed
Any UDP traffic (only) or UDP traffic for a specific UDP port
Any ICMP traffic (only) or ICMP traffic of a specific type and code
Any IGMP traffic (only) or IGMP traffic of a specific type
Any of the above with specific precedence and ToS settings
Carefully plan ACL applications before configuring specific ACLs. For more on this topic, see Configuring named, standard ACLs.