1.5 Access List Overview
1.5.5 Testing packets with access lists
For TCP/IP packet filters, Cisco IOS access lists check the packet and upper-layer headers.

You will learn how to check packets for:

  • Source IP addresses using standard access lists; identify these with a number in the range 1 to 99.
  • Destination and source IP addresses or specific protocols using extended access lists; identify these with a number in the range 100 to 199.
  • Upper-level TCP or UDP port numbers in addition to the other tests in extended access lists; also identify these with a number in the range 100 to 199.

For all of these access lists, after a packet matches an access list statement, it can be denied or permitted using the selected interface.