What is ACL (Access Control List)?

An Access Control List (ACL) is a set of rules that is usually used to filter network traffic. ACLs can be configured on network devices with packet filtering capatibilites, such as routers and firewalls.

ACLs containts a list of conditions that categorize packets and help you determine when to allow or deny network traffic. They are applied on the interface basis to packets leaving or entering an interface. Two types of ACLs are available on a Cisco device:

  • standard access lists – allow you to evaluate only the source IP address of a packet. Standard ACLs are not as powerful as extended access lists, but they are less CPU intensive for the device.
  • extended access lists – allow you to evaluate the source and destination IP addresses, the type of Layer 3 protocol, source and destination port, and other parameters. Extended ACLs are more complex to configure and require more CPU time than the standard ACLs, but they allow more granular level of control.

To understand the benefits of using ACLs in your network, consider the following network topology:

acls example

Let’s say that Server holds some important documents that need to be available only to the administrator. We can configure an access list on R1 to enable access to Server only for the administrator’s workstation. Any other traffic going to Server will be blocked. This way, we can ensure that only authorized user can access sensitive files on Server.

ACLs are not used exclusively for packet filtering. They are also used to match packets for Network Address Translation (NAT), to match packets to make quality of service (QoS) decisions, and other purposes.
Geek University 2021