The technical name for an access list is access control list. The individual entries in an access control list are called access control entries, or ACEs. The term access control list isn’t often used in practice; you’ll typically hear these lists referred to simply as access lists or ACLs.
Access lists do more than just control access. They are the means whereby Cisco devices categorize and match packets in any number of interesting ways. Access lists are used as simple filters to allow traffic through interfaces. They are also used to define “interesting traffic” for ISDN dialer maps, and are used in some route maps for matching.
This chapter’s focus will be less on the basics of access list design, and more on making you conscious of its benefits and pitfalls. The tips and tricks in this chapter should help you to write better, more efficient, and more powerful access lists.
When you’re creating access lists (or any configuration, for that matter), it’s a good idea to create them first in a text editor, and then, once you’ve worked out all the details, try them in a lab environment. Anytime you’re working on filters, you risk causing an outage.
Access lists on many Cisco devices can be either named or numbered. Named
access lists are referenced with a name such as
RepelInvaders. Numbered access lists are the
older method, where each ACL is defined by a number such as
101. Where possible, you should get ...