Introduction

An Access Control List (ACL) is, generically, a method for pattern matching on protocol information. There are many reasons for this kind of pattern matching, such as restricting access for security reasons and restricting the contents of routing tables for performance reasons.

Cisco has several different general kinds of access-lists. The most common are the numbered ACLs, which we summarize in Table 19-1. But there are also named access-lists, reflexive access-lists, timed access-lists, context-based access-lists, and rate-limit access-lists. Within each of these general categories, there are many different types of ACLs that match on different protocol information. When working with route filtering, it is often easiest to work with prefix lists, which are another type of ACL that we discuss in more detail in Chapters 6, 7, 8, and 9.

You can apply an ACL in many different ways. Applied to an interface, you can use it to accept or reject incoming or outgoing packets, based on protocol information such as source or destination address, port number, protocol number, and so forth. Applied to a routing protocol, this same ACL might prevent the router from sharing information about this particular route. And applied to a route-map, the ACL could just identify packets that need to be tagged or treated differently.
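The three ways of applying an ACL described above, as an added IOS configuration example that is not from the book; the addresses, interface name, EIGRP process number and route-map name are constructed placeholders.

```cisco
! Added example (not from the book): one numbered ACL applied in the
! three ways the introduction describes. Addresses, interface and
! process numbers are constructed placeholders.
!
! Standard ACL 10 matches a source prefix with a wildcard mask.
! Lines are evaluated top down; first match wins; an implicit
! "deny any" ends every list.
access-list 10 remark Match the trusted LAN prefix
access-list 10 permit 192.168.10.0 0.0.0.255
!
! Extended ACL 110 matches on protocol, source/destination address
! and destination port number.
access-list 110 permit tcp 192.168.10.0 0.0.0.255 host 10.0.0.5 eq 443
access-list 110 permit udp 192.168.10.0 0.0.0.255 host 10.0.0.53 eq 53
access-list 110 deny ip any any log
!
! 1) Applied to an interface: accept or reject packets entering it.
interface GigabitEthernet0/1
 ip access-group 110 in
!
! 2) Applied to a routing protocol: the same kind of list now filters
!    which routes the router is willing to learn on that interface.
router eigrp 100
 distribute-list 10 in GigabitEthernet0/1
!
! 3) Applied to a route-map: the ACL only identifies matching routes so
!    they can be tagged; by itself the map does not discard anything.
route-map TAG-LAN permit 10
 match ip address 10
 set tag 100
!
! "show access-lists" reports per-line match counters for verification.
```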

Table 19-1 shows all of the current ranges for numbered access-lists. Cisco periodically adds new ranges to this list, so earlier IOS levels may not support all ...
