IOS access list numbering scheme

Shane sent me a really interesting question: he was wondering why there's such a huge gap between the (numbered) extended IP ACLs (100 – 199) and the expanded range of standard IP ACLs (1300 – 1999).

Some of you might be old enough to know that Cisco IOS supports (or used to support) around 10 different layer-3 protocols, IP being the most popular these days. Each of them required its own range of numbered ACLs if it was added to IOS early enough, when the parser was still somewhat immature. I’ve summarized all of them in the “IOS Access List numbering scheme” article in the CT3 wiki.



  1. Not only Vines has a separate access-list numbering space. The X.29 access-list has a range from 1 to 199. It was designed this way because access-group <number> can be used only once in line configuration. If you would like to limit access to the router CLI from IP and from X.121 026012213... then you must create both access-lists with the same number.

  2. you must create both access-lists with the same number.
    Misbah Mumtaz

  3. Ivan Pepelnjak, 08 April, 2011 07:17

    Then you'd have one single ACL :-P



Ivan Pepelnjak, CCIE#1354 Emeritus, is an independent network architect. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990.