Building network automation solutions

9 module online course

Start now!

IOS access list numbering scheme

Shane sent me a really interesting question: he was wondering why there's such a huge gap between the (numbered) extended IP ACL (100 – 199) and the extended range of standard IP ACL (1300 – 1999).

Some of you might be old enough to know that Cisco IOS supports (or used to support) around 10 different layer-3 protocols (IP being the most popular these days) and each one of them (if it was added to IOS early enough when the parser was still somewhat immature) required its own range of numbered ACL. I’ve summarized all of them in the “IOS Access List numbering scheme” article in the CT3 wiki.

Continue reading the article …


  1. Not only Vines have separate access-list numbering space. X.29 access-list has range from 1 to 199. It was designed this way because access-group <number> can be used only once in line configuration. If you would like to limit access to the router CLI from IP and from X.121 026012213... then you must create both access-lists with the same number.
  2. you must create both access-lists with the same number.
    Misbah Mumtaz
  3. Then you'd have one single ACL :-P
Add comment