Chapter 23. Access Lists
The technical name for an access list is access-control list, or ACL. The individual entries in an access-control list are called access-control entries, or ACEs. The term access-control list isn’t often used in practice; you’ll typically hear these lists referred to simply as access lists or ACLs.
Access lists do more than just control access. They are the means whereby Cisco devices categorize and match packets in any number of interesting ways. Access lists are used as simple filters to allow traffic through interfaces. They are also used to define “interesting traffic” for ISDN dialer maps, and are used in some route maps for matching.
Designing Access Lists
This focus of this chapter will be less on the basics of access-list design, and more on making you conscious of the benefits and pitfalls of access-list design. The tips and tricks in this chapter should help you to write better, more efficient, and powerful access lists.
When creating access lists (or any configuration, for that matter), it’s a good idea to create them first in a text editor, and then, once you’ve worked out all the details, try them in a lab environment. Any time you’re working on filters, you risk causing an outage.
Wildcard masks (also called inverse masks) can be confusing because they’re the opposite, in binary, of normal subnet masks. In other words, the wildcard mask you would use to match a range that would be described with a subnet mask of 255.255.255.0 would ...