CCNA 47

ACLs stand for Access Control Lists. It is more commonly referred to it as Access-Lists. Access-Lists can be used for permitting network access, but can also be used to identify traffic to be affected by services. Access lists can be used for:-Access control
-NAT
-QoS
-Demand Dial Routing
-Policy Routing
-Route Filtering

ACLs are read from top to bottom. It stops at the first match. If nothing is matched, there is an implicit DENY at the bottom. When used for access control, it is applied to an interface inbound or outbound.

An ACL applied inbound on an interface catches anything coming in from external sources. An ACL applied outbound catches anything about to leave out of that interface.

There are different types of access lists:
-Standard
-Extended
-Dynamic
-Established
-Time-Based
-Context-Based Access Control (Cisco IOS Firewall, then Zone Based Firewall)

Dynamic access-lists can allow authentication. For example, an employee can be let through after telnetting in and authenticating. Time-based makes use of the router's time and comes into effect at certain times.

Standard
-Matches based on source address
-Lower processor utilization

Extended
-Matches based on protocol, S/D address and S/D port number
-Higher processor utilization

Established
-Allows return traffic for internal requests