Access List Numbers - Cisco IE-4000 Software Configuration Manual

Configuring Network Security with ACLs
Information About Network Security with ACLs
Standard and Extended IPv4 ACLs
This section describes IP ACLs. An ACL is a sequential collection of permit and deny conditions. One by one, the switch
tests packets against the conditions in an access list. The first match determines whether the switch accepts or rejects
the packet. Because the switch stops testing after the first match, the order of the conditions is critical. If no conditions
match, the switch denies the packet.
The software supports these types of ACLs or access lists for IPv4:

Standard IP access lists use source addresses for matching operations.

Extended IP access lists use source and destination addresses for matching operations and optional protocol-type
information for finer granularity of control.
The switch always rewrites the order of standard access lists so that entries with host matches and entries with matches
having a don't care mask of 0.0.0.0 are moved to the top of the list, above any entries with non-zero don't care masks.
Therefore, in show command output and in the configuration file, the ACEs do not necessarily appear in the order in
which they were entered.
After creating a numbered standard IPv4 ACL, you can apply it to terminal lines (see
Line, page 560), to interfaces (see
Maintaining Network Security with ACLs, page

Access List Numbers

The number you use to denote your ACL shows the type of access list that you are creating.
the access-list number and corresponding access list type and shows whether or not they are supported in the switch.
The switch supports IPv4 standard and extended access lists, numbers 1 to 199 and 1300 to 2699.
Applying an IPv4 ACL to an Interface, page
562).
548
Applying an IPv4 ACL to a Terminal
560), or to VLANs (see Monitoring and
Table 55 on page 549 lists