

This Question is Answered
34316 Views 9 Replies Latest reply: Jun 9, 2010 6:19 AM by Prajit G Nair RSS


Standard access list and Extended access list?

Jun 8, 2010 11:24 PM

Prajit G Nair 107 posts since
Aug 30, 2009

Can anyone tell me when do we use Standard access list and when do we use Extended access list?

  • Angela 746 posts since
    Jan 29, 2010

    There are 2 general differences between the two:


    - Standard ACLs specify only the source, implying traffic for all destinations, while you can specify traffic from one source to one destination for an extended ACL. E.g., a standard ACL allows you to deny traffic for, which completely blocks the user from any type of traffic. Basically, that user doesn't own a NOS right now; s/he owns a simple computer that can't talk to anyone. An extended ACL allows you to specify a conversation between, e.g., Bill and Jill, but not preventing Bill from talking to anyone else.


    - Another significant difference is that a standard ACL denies/permits all traffic, whereas an extended ACL selectively denies/permits some or all traffic depending on your preference. A standard ACL denial means all types of traffic are blocked: data, video, or music. On the other hand, an extended ACL can deny only video and music but allow data. This is how the company gets its employees to work. NO ENTERTAINMENT allowed.




  • Mike DeYoung 146 posts since
    Jun 23, 2009

    Hi Prajit,


    Maybe this will be helpful...


    Standard                          Extended
    Match Source (entire protocol)    Match Source & Destination (individual port)
    # 1-99, 1300-1999                 # 100-199, 2000-2699
    Place close to dest               Place close to source


    ACLs are used for traffic classification as well as traffic filtering. For example, you would use a standard ACL for classifying traffic for NAT processes (or VPN or QoS). Generally you would use an extended ACL for traffic filtering.


    -Mike DeYoung

  • rosscourtnell 104 posts since
    Jun 30, 2008

    Hi Prajit

    Put simply....

    A standard ACL can permit or deny traffic based only on the source address(es).

    An extended ACL can permit or deny traffic based on both the source and destination address(es) as well as TCP/UDP/ICMP traffic types.



  • rosscourtnell 104 posts since
    Jun 30, 2008



    It sounds like you have blocked all traffic from that PC, which indicates to me that you may not have put a permit statement in your access list to allow other traffic to the PC. Don't forget there is an implicit deny any at the end of every ACL, so if you only have deny statements in your ACL then no traffic will pass.



  • rosscourtnell 104 posts since
    Jun 30, 2008

    The source is where the traffic is coming from and the destination is where the traffic is going to.


    The attached simple diagram may help.



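The behaviour described across the replies above (source-only matching for standard ACLs, source/destination/port matching for extended ACLs, and the implicit deny at the end) can be checked with a small model. This is an added example, not code from the thread or from Cisco; the addresses for Bill, Jill and a third host are constructed, and the model is simplified to first-match evaluation on protocol, addresses and destination port.

```python
from ipaddress import IPv4Address as IP

ANY = ("0.0.0.0", "255.255.255.255")   # IOS keyword "any"

def host(addr):                        # IOS keyword "host"
    return (addr, "0.0.0.0")

def wild_match(addr, spec):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    base, wildcard = spec
    care = ~int(IP(wildcard)) & 0xFFFFFFFF
    return (int(IP(addr)) ^ int(IP(base))) & care == 0

def standard(action, src):
    # Standard entry: source only, so it covers every protocol and destination.
    return dict(action=action, proto="ip", src=src, dst=ANY, dport=None)

def extended(action, proto, src, dst, dport=None):
    # Extended entry: protocol, source, destination, optional destination port.
    return dict(action=action, proto=proto, src=src, dst=dst, dport=dport)

def evaluate(acl, pkt):
    """Return the action of the first matching entry, else the implicit deny."""
    for e in acl:
        if (e["proto"] in ("ip", pkt["proto"])
                and wild_match(pkt["src"], e["src"])
                and wild_match(pkt["dst"], e["dst"])
                and e["dport"] in (None, pkt.get("dport"))):
            return e["action"]
    return "deny"  # implicit "deny any" that ends every ACL

# Constructed sample hosts: Bill and Jill from the thread, OTHER is a third host.
BILL, JILL, OTHER = "192.168.1.10", "10.0.0.5", "10.0.0.9"

# Standard ACL: Bill is cut off from everything; everyone else is permitted.
STD = [standard("deny", host(BILL)), standard("permit", ANY)]
# Extended ACL: only Bill -> Jill web traffic (TCP port 80) is blocked.
EXT = [extended("deny", "tcp", host(BILL), host(JILL), 80),
       extended("permit", "ip", ANY, ANY)]
# Deny-only ACL: with no permit entry, the implicit deny drops everyone else too.
DENY_ONLY = [standard("deny", host(BILL))]

def pkt(src, dst, proto="tcp", dport=80):
    return dict(src=src, dst=dst, proto=proto, dport=dport)
```

Evaluating `DENY_ONLY` against a packet from `OTHER` returns `deny`, which is the "no traffic will pass" symptom described in the reply about the missing permit statement.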

