Extended Access Control list

Extended Access Control list

Extended Access Control lists are a group of conditions that are wrapped together by a particular name or number. The conditions used in this group are the number. And these conditions are used to avoid traffic on routes. Through these conditions, we can avoid or filter traffic

There are certain steps used for ACLs and are as follows:

  1.     As a sequential order, they are processed from top to bottom.
  2.   Until the matches are found ACL conditions are checked.
  3.  Once the match got found it stops its checking.
  4.  Based on the conditions interface take the action. The two possible actions are permissible and deny.
  5.   The packets are allowed to exit from interface only if the conditions got matched.
  6.  A packet will be allowed to exit from interface only if the permit condition gets matched otherwise the packet gets destroyed if they deny condition matches.
  7. If conditions are mismatched packets get destroyed.

One type of access control list used is the EAC list. In an extended control list, they can differentiate the IP traffic, unlike the Standard Access Control List. In Extended ACL they use both source and destination address and the port number to differentiate the IP traffic. Extended control list filter packets which are near to source address. We can create and configure the EAC lists using an access list and access-group command respectively.


  • To the source, they seem to be closed but not.
  • Based on the source address, destination address and the port number the packet filtering takes place.
  • Specified services will be accessed or denied in extended ACLs.
  • A range created for ACL is from 100-199 and can be extended to 2000-2699.
  • Extended control list rules can’t be deleted if it happens all the access lists will be deleted.
  • If the extended access control list contains the names then they are easy to delete those rules.


Filtrating of networks is based on the destination IP addresses, destination addresses and also port numbers. Usually, the standard access control lists are placed in a router and the router must be placed close to the source network. If it is not kept near to the source the unwanted traffics may absorb the bandwidth till the destination which may create traffic problems in the network.

Also, read…

Download Where should the Extended Access Control list be placed? in pdf- Click here


Close Menu