The simple CLI parser implemented in early releases of Cisco IOS
recognized only numbered access lists. The protocols supported early in
the Cisco IOS history were thus using numbered access lists to filter
traffic or routing updates.
Most of the access lists were using common address space. Banyan
Vines access lists were an exception, they were always configured with
the
vines access-list configuration command and used their own independent numbering scheme. Rate-limit access-lists (configured with
access-list rate-limit number) also use an independent address space.
The first protocol using named access lists was CLNS. Named
standard and extended access lists were later added to IP. As numerous
IP features still expected an access-list number in the configuration
commands even after the named IP access lists were introduced, the
address space of the numbered IP access lists was expanded.
The following table documents the IOS access-list numbering conventions:
| Start
| End
| Description
|
| 1
| 99
| IP standard access lists
|
| 100
| 199
| IP extended access lists
|
| 200
| 299
| Protocol type-code access lists (used in bridging filters)
|
| 300
| 399
| DECnet standard access lists
|
| 400
| 499
| XNS standard access lists
|
| 500
| 599
| XNS extended access lists
|
| 600
| 699
| AppleTalk cable range access lists
|
| 700
| 799
| MAC address access lists (used in bridging filters)
|
| 800
| 899
| Novell IPX standard access lists
|
| 900
| 999
| Novell IPX extended access lists
|
| 1000
| 1099
| Novell IPX SAP access lists
|
| 1100
| 1199
| MAC address access lists (extended range)
|
| 1200
| 1299
| Novell IPX NLSP access lists
|
| 1300
| 1999
| IP standard access lists (extended range)
|
| 2000
| 2699
| IP extended access lists (extended range)
|
Rate limit access lists configured with the
access-list rate-limit global configuration command and used in the
rate-limit input|output access-group rate-limit number rate interface configuration command use the following numbers (independent from the access-list numbering scheme):
| Start
| End
| Description
|
| 1
| 99
| Precedence ACL
|
| 100
| 199
| MAC address ACL
|
| 200
| 299
| MPLS EXP bits ACL
|
Banyan Vines access lists configured with the
vines access-list number global configuration commands used the following numbering scheme:
| Start
| End
| Description
|
| 1
| 100
| Standard ACL
|
| 101
| 200
| Extended ACL
|
| 201
| 300
| Simple ACL
|
No comments:
Post a Comment