Configuring IP Access Lists

Table of Contents

Introduction
    Prerequisites
    Hardware and Software Versions
Understanding ACL Concepts
    Using Masks
    Summarizing ACLs
    Processing ACLs
    Defining Ports and Message Types
    Applying ACLs
    Defining In, Out, Source, and Destination
    Editing ACLs
    Troubleshooting
Types of IP ACLs
    Network Diagram
    Standard ACLs
    Extended ACLs
    Lock and Key (Dynamic ACLs)
    IP Named ACLs
    Reflexive ACLs
    Time-Based ACLs Using Time Ranges
    Commented IP ACL Entries
    Context-Based Access Control
    Authentication Proxy
    Turbo ACLs
    Distributed Time-Based ACLs
    Receive ACLs
    Infrastructure Protection ACLs
    Transit ACLs
Related Information

Introduction

This document explains how IP access control lists (ACLs) can filter network traffic. It also contains brief descriptions of the IP ACL types, feature availability, and an example of use in a network.

To determine the support of some of the more advanced Cisco IOS® IP ACL features, registered users can access the Software Advisor tool.

RFC 1700 contains assigned numbers of well-known ports.
RFC 1918 contains address allocation for private internets (IP addresses which should not normally be seen on the Internet).

Note: ACLs may also be used for purposes other than filtering IP traffic, such as defining traffic to Network Address Translate (NAT) or encrypt, or filtering non-IP protocols such as AppleTalk or IPX. A discussion of these functions is outside the scope of this document.

Prerequisites

There are no specific prerequisites for using this document. The concepts discussed are present in Cisco IOS Software Releases 8.3 or later, as noted under each