Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

What is difference between standard and extended acl?

user-image
Question added by DOLAMANI MEHER
Date Posted: 2016/12/26
Deleted user
by Deleted user

Extended ACLs allow protocols as well as ports and services to be specified and applied to both networks and individual IP addresses.

 

The example below of an Extended ACL will permit all hosts on the network to connect to WWW services, but only allow the host with IP address .1.1.5 to connect to external SSH services.  All other types of traffic originated by all hosts are denied by the implicit deny present at the end of all basic as well as extended ACLs:

 

Router(config)# ip access-list extended testextacl

Router(config-ext-nacl)# permit tcp any any eq www

Router(config-ext-nacl)# permit tcp host.1.1.5 any eq ssh

Router(config-ext-nacl)# exit

 

Hope this helps :)

Muhammed Himshar
by Muhammed Himshar , Network Engineer , KAHRAMAA”QATAR General Electricity & Water Corporation

In general ACLs (Access-Control Lists) are mainly used to filter packets going through a router. There are two types ACLs.

1. Standard ACL - In this filtering a packet is based on source IP address only.

2. Extended ACL- In this we can filter packets based on their source & destination IP , Protocol, and Port number (TCP/UDP).

 

Sheldon Pereira
by Sheldon Pereira , Network Services Specialist (SDWAN) , Ibm - India

Standard ACL only filters traffic based on the 'source' IP address. That means any traffic coming from the source address specified in the standard access-list will be just permitted or denied based on the conditions that are set.

Extended ACLS can filter based on more criterias such as source/destination/ports/protocols/applications..etc. This means that you have more granular control over the access-list, for example you can deny just telnet sessions from a source IP address and you can allow everything else, or you can permit just FTP sessions to a particular destination IP address and deny everything else..etc

Hassan Araman
by Hassan Araman , PRIVATE INVESTOR /PROJECT FINANCIER , PRIVATE INVESTOR LINE

We Offer personalized service for all your financial needs at a very low interest rate of 2% Interest rate, I Offer Personal Loans, Debt Consolidation Loan, Venture Capital, Business Loan, Educational Loan, Home Loan, and Loan for any reason and urgent needs!. with a maximum duration of 30 years.We uphold Professional Excellence, our definition of excellence lies in; Outstanding Customer Service, Affordable Payment & Repayment Plans, Fast & Easy Process.If you are interested in benefiting from this ample opportunity kindly reply for more information.We await your response.CONTACT EMAIL:skype:  hassan.araman

More Questions Like This