IOS access list numbering scheme

Shane sent me a really interesting question: he was wondering why there's such a huge gap between the (numbered) extended IP ACL (100 – 199) and the extended range of standard IP ACL (1300 – 1999).

Some of you might be old enough to know that Cisco IOS supports (or used to support) around 10 different layer-3 protocols (IP being the most popular these days), and each one of them (if it was added to IOS early enough, when the parser was still somewhat immature) required its own range of numbered ACLs. I’ve summarized all of them in the “IOS Access List numbering scheme” article in the CT3 wiki.


3 comments:

  1. Not only Vines has a separate access-list numbering space. The X.29 access-list has a range from 1 to 199. It was designed this way because access-group <number> can be used only once in line configuration. If you would like to limit access to the router CLI from IP 192.168.1.0/24 and from X.121 026012213... then you must create both access-lists with the same number.

  2. You must create both access-lists with the same number.
    Thanks
    Misbah Mumtaz

  3. Ivan Pepelnjak, 08 April, 2011 07:17

    Then you'd have one single ACL :-P



Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.