10.1 Traffic Management Techniques
10.1.2 IP access lists
An IP access list is a sequential collection of permit and deny conditions that apply to IP addresses or upper-layer IP protocols. Figure shows the types of access lists and the available list numbers for IP.

IP access lists come in two formats. Standard access lists filter based on source address only. Extended access lists offer more control by filtering based on source address, destination address, or protocol characteristics. Access lists are a fundamental tool for managing IP traffic. Access lists can be applied to a network interface or virtual terminal line, as shown in Figure .
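The sequential permit/deny evaluation and the difference between the two formats can be seen in a small model. This is an added example, not part of the original curriculum text. It assumes IOS-style wildcard masks and the implicit deny that ends every list; the addresses, list contents and the `evaluate`/`pkt` helper names are constructed for illustration.

```python
import ipaddress

def _match(addr, base, wildcard):
    """IOS-style wildcard match: bits set in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, packet):
    """Return the action of the first matching entry, top to bottom."""
    for entry in acl:
        if not _match(packet["src"], *entry["src"]):
            continue
        # Extended-only criteria; a standard entry simply omits these keys.
        if "proto" in entry and entry["proto"] not in ("ip", packet["proto"]):
            continue
        if "dst" in entry and not _match(packet["dst"], *entry["dst"]):
            continue
        if "dport" in entry and entry["dport"] != packet.get("dport"):
            continue
        return entry["action"]
    return "deny"  # implicit deny when no entry matches (IOS behaviour)

ANY = ("0.0.0.0", "255.255.255.255")   # constructed sample values
LAN = ("192.168.10.0", "0.0.0.255")

# Standard list: source address only.
STANDARD = [
    {"action": "deny", "src": ("192.168.10.50", "0.0.0.0")},
    {"action": "permit", "src": LAN},
]

# Extended list: source, destination, protocol and port.
EXTENDED = [
    {"action": "permit", "proto": "tcp", "src": LAN,
     "dst": ("10.1.1.5", "0.0.0.0"), "dport": 80},
    {"action": "deny", "proto": "ip", "src": LAN,
     "dst": ("10.1.1.0", "0.0.0.255")},
    {"action": "permit", "proto": "ip", "src": ANY, "dst": ANY},
]

def pkt(src, dst, proto, dport=None):
    """Build a constructed sample packet for evaluate()."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}
```

The standard list cannot tell Telnet from HTTP for the same source, while the extended list permits one and denies the other; reversing the entry order of the standard list changes the result for host 192.168.10.50, because the first match wins.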

Access lists are applied to one or more interfaces and can filter inbound traffic or outbound traffic, depending on the configuration. Inbound access lists are generally more efficient than outbound access lists and are therefore preferred. A router with an outbound access list must switch every packet and only then check whether it matches the access-list criteria before forwarding the packet.

Access lists are also used to define the input traffic for other technologies, such as priority and custom queuing and dial-on-demand routing (DDR). Access lists serve many purposes, some of which are shown in the following list:

  • To control the transmission of packets on an interface
  • To select the interesting traffic that initiates a DDR connection
  • To restrict contents of routing updates

In this chapter, you will learn to use access lists to manage IP traffic.