





Many different protocols can use access control lists (ACLs). The CCNA Routing and Switching vendor certification exams are concerned only with IPv4 ACLs. The following tables show some of the other protocols that can use ACLs.

















1–99 or 1300–1999: Standard IPv4

100–199 or 2000–2699: Extended IPv4





IPv6 ACLs do not use numbers; they are configured by using names only.









When an ACL is applied to an IP address, a wildcard mask identifies which addresses get matched to be applied to the permit or deny statement in the ACL syntax. A wildcard mask can identify a single host, a range of hosts, or a complete network or subnetwork.





There are two rules when working with wildcard masks:





■ A 0 (zero) in a wildcard mask means to check the corresponding bit in the address for an exact match.





■ A 1 (one) in a wildcard mask means to ignore the corresponding bit in the address; the bit can be either 1 or 0. In the examples, this is shown as x.





A 0 Example:





Example 1: 172.16.0.0 0.0.255.255

IP address: 172.16.0.0

Binary Conversion: 10101100.00010000.00000000.00000000

Default Subnet Mask: 255.255.0.0

Wildcard Mask: 0.0.255.255

Binary Conversion of Wildcard Mask: 00000000.00000000.11111111.11111111

Sum Result = 10101100.00010000.xxxxxxxx.xxxxxxxx (ones ignored)

172.16.x.x (Anything between 172.16.0.0 and 172.16.255.255 matches the example statement.)





An octet of all zeros (0s) means that the octet has to match the address exactly.





An octet of all ones (1s) means that the octet can be ignored.





A 1 Example:





Example 1: 172.16.0.0 0.0.7.255

IP address: 172.16.8.0

Binary Conversion: 10101100.00010000.00001000.00000000

Default Subnet Mask: 255.255.248.0

Wildcard Mask: 0.0.7.255

Binary Conversion of Wildcard Mask: 00000000.00000000.00000111.11111111

Sum Result = 10101100.00010000.00001xxx.xxxxxxxx (ones ignored)

00001xxx = 00001000 to 00001111 = 8–15

xxxxxxxx = 00000000 to 11111111 = 0–255





Any subnet between 172.16.8.0 and 172.16.15.255 matches the example statement.









Any: The keyword any is used in place of 0.0.0.0 255.255.255.255 and matches any address that it is compared against.





Host: The keyword host is used in place of 0.0.0.0 in the wildcard mask and matches only one specific address.
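The two wildcard bit rules and the any and host keywords can be checked with a short script. This is an added example, not part of the original article: the function names and the host address 172.16.8.1 are constructed for illustration, while the other address and wildcard pairs are taken from the worked binary conversions above.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 32 one-bits

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def parse_source(tokens):
    """Address part of an ACL statement -> (base, wildcard) integers."""
    if tokens == ["any"]:                       # same as 0.0.0.0 255.255.255.255
        return 0, FULL
    if len(tokens) == 2 and tokens[0] == "host":
        return to_int(tokens[1]), 0             # wildcard 0.0.0.0: every bit checked
    if len(tokens) == 2:
        return to_int(tokens[0]), to_int(tokens[1])
    raise ValueError(f"unrecognised address specification: {tokens!r}")

def matches(packet_ip, base, wildcard):
    """Rule 1: wildcard 0 bits must match exactly. Rule 2: wildcard 1 bits are ignored."""
    care = ~wildcard & FULL                     # bits the statement actually checks
    return (to_int(packet_ip) & care) == (base & care)

def pattern(base, wildcard):
    """Render the binary 'x' notation used in the worked examples."""
    bits = "".join(
        "x" if (wildcard >> i) & 1 else str((base >> i) & 1)
        for i in range(31, -1, -1)
    )
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))

def matched_range(base, wildcard):
    """Lowest and highest matching address for the statement."""
    low = base & ~wildcard & FULL
    high = low | wildcard
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))

if __name__ == "__main__":
    samples = (                                  # constructed sample statements
        ["172.16.0.0", "0.0.255.255"],
        ["172.16.8.0", "0.0.7.255"],
        ["host", "172.16.8.1"],
        ["any"],
    )
    for spec in samples:
        b, w = parse_source(spec)
        print(" ".join(spec), "->", pattern(b, w), matched_range(b, w))
```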





Standard ACLs:





Standard ACLs are the oldest type of ACL. Standard ACLs control traffic by comparing the source address of the IP packets to the addresses configured in the ACL.





Each line entered in an ACL is called an access control entry (ACE). Many ACEs are grouped to form a single ACL.



