1.5 Access List Overview
1.5.1 What are access lists?
Access lists allow an administrator to specify conditions that determine how a router will control traffic flow. Access lists are used to permit or deny traffic through a router interface. The two main types of access lists are standard and extended.

Standard access lists

  • Standard access lists for IP check the source address of packets that could be routed. The result permits or denies output for an entire protocol suite, based on the network/subnet/host address.
  • For example, packets coming in E0 are checked for address and protocol. If permitted, the packets are routed through S0.
  • If the standard access list denies the packets, all packets in the given category are dropped.

Extended access lists

  • Extended access lists check both the source and destination addresses of packets. They can also check for specific protocols, port numbers, and other parameters. This gives administrators more flexibility to describe what the access list will check. Packets can be permitted or denied output based on where the packet originated and on its destination.
  • The extended access list also permits or denies with more granularity. For example, it can allow electronic mail traffic from E0 to specific S0 destinations, while denying remote logins or file transfers.
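
The contrast described above, as a Cisco IOS configuration sketch. This is an added example, not part of the original page; the ACL numbers 10 and 110 and all addresses (RFC 5737 documentation ranges) are constructed for illustration.

```cisco
! Constructed addressing (assumption, not from the original page):
!   192.0.2.0/24     LAN attached to Ethernet0 (E0)
!   198.51.100.25    mail server reached through Serial0 (S0)
!
! --- Standard access list (numbers 1-99): source address only ---
! Permits everything from the E0 LAN, whatever the protocol or port.
! It cannot tell mail apart from a remote login or a file transfer.
access-list 10 permit 192.0.2.0 0.0.0.255
! Every access list ends with an implicit "deny any".
!
! --- Extended access list (numbers 100-199) ---
! Matches on protocol, source, destination and port.
! Entries are evaluated top-down; the first match decides.
!
! Permit electronic mail (SMTP, TCP 25) from the E0 LAN to one S0 destination.
access-list 110 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.25 eq smtp
! Deny remote logins (Telnet, TCP 23) from the E0 LAN to any destination.
access-list 110 deny tcp 192.0.2.0 0.0.0.255 any eq telnet
! Deny file transfers (FTP data and control, TCP 20-21).
access-list 110 deny tcp 192.0.2.0 0.0.0.255 any range 20 21
! The implicit "deny ip any any" drops all remaining traffic, so the two
! deny lines above are redundant here; they are written out to show the
! per-port granularity a standard list cannot express.
!
! --- Apply to the outbound side of S0 ---
! Only one IP access list can be applied per interface and direction,
! so S0 carries either list 10 or list 110, not both.
interface Serial0
 ip access-group 110 out
```

After applying the list, `show access-lists 110` displays per-entry match counters, which confirms that mail is hitting the permit line and that Telnet and FTP attempts are being dropped.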