26233 Views, 9 Replies. Latest reply: Jun 9, 2010 6:19 AM by Prajit G Nair

Standard access list and Extended access list?

Jun 8, 2010 11:24 PM

Prajit G Nair 107 posts since
Aug 30, 2009

Can anyone tell me when do we use Standard access list and when do we use Extended access list?

  • Angela 746 posts since
    Jan 29, 2010

There are 2 general differences between the two:

    - A standard ACL specifies only the source, implying traffic for all destinations, while you can specify traffic from one source to one destination with an extended ACL. E.g. a standard ACL allows you to deny traffic for 192.168.1.20, which completely blocks the user from any type of traffic. Basically, that user doesn't own a NOS right now; s/he owns a simple computer that can't talk to anyone. An extended ACL allows you to specify a conversation between, e.g., Bill and Jill, without preventing Bill from talking to anyone else.

    - Another significant difference is that a standard ACL denies/permits all traffic, whereas an extended ACL selectively denies/permits some or all traffic depending on your preference. A standard ACL denial means all types of traffic are blocked: data, video, or music. On the other hand, an extended ACL can deny only video and music but allow data. This is how the company gets its employees to work. NO ENTERTAINMENT allowed.

     

     

    Regards

  • Mike DeYoung 141 posts since
    Jun 23, 2009

    Hi Prajit,

     

Maybe this will be helpful...

     

    Standard                          Extended
    Match source (entire protocol)    Match source & destination (individual port)
    # 1-99, 1300-1999                 # 100-199, 2000-2699
    Place close to destination        Place close to source

     

ACLs are used for traffic classification as well as traffic filtering. For example, you would use a standard ACL for classifying traffic for NAT processes (or VPN or QoS). Generally you would use an extended ACL for traffic filtering.

     

    -Mike DeYoung
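The table and the classification-versus-filtering point above, worked through as IOS configuration. This is an added example, not configuration from the thread or from Cisco documentation; the addresses, interface names and ACL numbers are assumed for illustration. It also shows the placement rule in practice: the standard list is applied near the destination because it can only name a source, while the extended list is applied near the source because it names both ends.

```cisco
! Added example (not from the thread). Addresses, interfaces and ACL numbers are assumed.

! --- Standard ACL (numbers 1-99, 1300-1999): matches the SOURCE only ---
! Goal: keep host 192.168.1.20 off the 10.0.0.0/24 server LAN but leave the
! host's other traffic alone. A standard ACL cannot name a destination, so it is
! applied outbound on the interface facing the server LAN (close to the
! destination). Applied near the source it would cut the host off from everything.
access-list 10 remark block workstation .20 from the server LAN only
access-list 10 deny   host 192.168.1.20
access-list 10 permit any
interface GigabitEthernet0/1
 description server LAN 10.0.0.0/24
 ip access-group 10 out

! --- Standard ACL used for CLASSIFICATION, not filtering (NAT) ---
! ACL 20 only answers "which inside sources get translated"; it drops nothing.
access-list 20 permit 192.168.1.0 0.0.0.255
ip nat inside source list 20 interface GigabitEthernet0/0 overload
interface GigabitEthernet0/0
 description WAN uplink
 ip nat outside
interface GigabitEthernet0/2
 description user LAN 192.168.1.0/24
 ip nat inside

! --- Extended ACL (numbers 100-199, 2000-2699): source + destination + protocol/port ---
! Goal: stop Bill (192.168.1.20) reaching Jill's host (10.0.0.50) over HTTP and
! HTTPS only. Bill may still ping Jill and talk to anyone else. Because each entry
! names both ends, the list is applied inbound close to the source so the unwanted
! packets are dropped before they cross the router.
access-list 110 remark Bill to Jill: web blocked, everything else allowed
access-list 110 deny   tcp  host 192.168.1.20 host 10.0.0.50 eq 80
access-list 110 deny   tcp  host 192.168.1.20 host 10.0.0.50 eq 443
access-list 110 permit icmp host 192.168.1.20 host 10.0.0.50 echo
access-list 110 permit ip   any any
interface GigabitEthernet0/2
 ip access-group 110 in

! The same policy as a named extended ACL: sequence numbers let you insert or
! delete one entry without re-entering the whole list.
ip access-list extended BILL-TO-JILL
 10 deny   tcp host 192.168.1.20 host 10.0.0.50 eq 80
 20 deny   tcp host 192.168.1.20 host 10.0.0.50 eq 443
 30 permit ip any any

! Verification (run from privileged EXEC): per-entry match counters and the
! interface binding confirm the list is applied where you think it is.
! show access-lists 110
! show ip interface GigabitEthernet0/2 | include access list
```

Before trusting the list, generate a few packets that should match each entry and re-run `show access-lists`: an entry whose counter never moves is either never reached (ordering) or bound to the wrong interface or direction.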

  • rosscourtnell 104 posts since
    Jun 30, 2008

    Hi Prajit


    Put simply....


A standard ACL can permit or deny traffic based only on the source address(es).


An extended ACL can permit or deny traffic based on both the source and destination address(es) as well as TCP/UDP/ICMP traffic types.


    HTH


    Ross

  • rosscourtnell 104 posts since
    Jun 30, 2008

    Prajit

     

It sounds like you have blocked all traffic from that PC, which indicates to me that you may not have put a permit statement in your access list to allow other traffic to the PC. Don't forget there is an implicit deny any at the end of every ACL, so if you only have deny statements in your ACL then no traffic will pass.

     

    Ross
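The deny-only mistake described above, with its fix and a way to make the implicit deny visible. This is an added example, not configuration posted in the thread; the addresses and interface names are assumed. It also shows the related ordering rule (top-down, first match wins) that the implicit deny is one instance of.

```cisco
! Added example (not from the thread). Addresses and interfaces are assumed.

! BROKEN: the only entry is a deny, so the implicit "deny any" at the end of the
! list drops every other source too. The PC is blocked, and so is everyone else
! whose traffic leaves GigabitEthernet0/1.
access-list 15 deny host 192.168.1.20
interface GigabitEthernet0/1
 ip access-group 15 out

! FIXED: an explicit permit after the deny lets the remaining traffic through.
! Entries are evaluated top-down and the first match wins, so order matters:
! "permit any" placed FIRST would make the deny unreachable.
! Caveat: "no access-list 15" removes every entry of the numbered list while the
! interface binding stays; on IOS an applied ACL with no entries permits all
! traffic, so re-enter the entries immediately (or build the new list under a new
! number and swap the ip access-group).
no access-list 15
access-list 15 deny   host 192.168.1.20
access-list 15 permit any

! MAKING THE IMPLICIT DENY VISIBLE: end an extended list with an explicit
! "deny ip any any log". It matches exactly what the implicit deny would have
! matched, but now the drops count in "show access-lists" and appear in syslog,
! so a locked-out user is diagnosed in seconds instead of by guesswork.
ip access-list extended USER-LAN-IN
 10 permit tcp  192.168.1.0 0.0.0.255 any eq 443
 20 permit udp  192.168.1.0 0.0.0.255 host 10.0.0.53 eq 53
 30 permit icmp 192.168.1.0 0.0.0.255 any
 40 deny   ip   any any log
interface GigabitEthernet0/2
 ip access-group USER-LAN-IN in

! show access-lists USER-LAN-IN   -> match counts per entry; a rising count on
!                                    line 40 means "something is hitting the deny"
! show logging | include USER-LAN-IN
```

Use the logging deny sparingly on busy interfaces: each logged packet is punted for logging, so rate-limit it with `ip access-list logging interval` or drop the `log` keyword once the policy is proven.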

  • rosscourtnell 104 posts since
    Jun 30, 2008

    The source is where the traffic is coming from and the destination is where the traffic is going to.

     

    The attached simple diagram may help.

     

[Attachment: EXAMPLE.JPG]
