
IOS access list numbering scheme

Shane sent me a really interesting question: he was wondering why there's such a huge gap between the (numbered) extended IP ACL (100 – 199) and the extended range of standard IP ACL (1300 – 1999).

Some of you might be old enough to know that Cisco IOS supports (or used to support) around 10 different layer-3 protocols (IP being the most popular these days), and each one of them (if it was added to IOS early enough, when the parser was still somewhat immature) required its own range of numbered ACLs. I’ve summarized all of them in the “IOS Access List numbering scheme” article in the CT3 wiki.

Continue reading the article …


  1. Not only Vines has a separate access-list numbering space. The X.29 access-list has a range from 1 to 199. It was designed this way because access-group <number> can be used only once in line configuration. If you would like to limit access to the router CLI from IP and from X.121 026012213... then you must create both access-lists with the same number.

  2. you must create both access-lists with the same number.
    Misbah Mumtaz

  3. Ivan Pepelnjak, 08 April, 2011 07:17

    Then you'd have one single ACL :-P

