Standard Access List

A Standard Access List is a type of Access Control List (ACL) used in network routers to filter traffic based solely on the source IP address. It provides a fundamental method for controlling network access by permitting or denying packets from specific hosts or networks.

Standard access lists are numbered 1-99 and 1300-1999, making them easily identifiable in router configurations. Unlike extended access lists, they cannot filter based on destination addresses, protocols, or port numbers.

How Standard Access Lists Work

When a packet arrives at a router interface with an applied standard access list, the router examines only the source IP address against the configured rules. The list is processed sequentially from top to bottom, and the first matching rule determines the action.

[Figure: Standard Access List Filtering Process. A source host sends traffic to a router with a standard ACL, which checks the source IP and permits or denies the packet. Permitted traffic (green line) reaches the destination; denied traffic (red dashed line) is blocked.]

Creating a Standard Access List

The basic syntax for creating a standard access list is:

Router(config)# access-list [number] [permit|deny] [source-address] [wildcard-mask]

Configuration Examples

Router(config)# access-list 10 deny host 192.168.1.5
Router(config)# access-list 10 permit 192.168.1.0 0.0.0.255
Router(config)# access-list 10 deny any

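The first command blocks a specific host, the second permits the rest of that host's subnet, and the third explicitly denies all other traffic. The third line has the same effect as the implicit deny that ends every access list, but writing it out makes the behavior visible in the configuration.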
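Added example (not part of the original article): a small Python model of how a router evaluates ACL 10 above, covering wildcard-mask matching, first-match processing and the implicit deny, plus a check for rules that an earlier, broader rule makes unreachable. The function names and the REORDERED list are constructed for illustration, and the parser handles only the numbered syntax shown on this page.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_acl(lines):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' into rule tuples."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, src = tok[2], tok[3:]
        if src[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif src[0] == "host" and len(src) > 1:
            addr, wild = src[1], "0.0.0.0"
        else:  # no wildcard given means an exact host match
            addr, wild = src[0], src[1] if len(src) > 1 else "0.0.0.0"
        rules.append((action, to_int(addr), to_int(wild), line))
    return rules

def evaluate(rules, ip):
    """First matching rule wins; no match falls to the implicit deny."""
    for action, addr, wild, _ in rules:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (to_int(ip) & care) == (addr & care):
            return action
    return "deny"

def shadowed(rules):
    """Rules that can never match because an earlier rule covers them."""
    out = []
    for i, (_, addr, wild, line) in enumerate(rules):
        for _, e_addr, e_wild, _ in rules[:i]:
            e_care = ~e_wild & 0xFFFFFFFF
            # Covered: the earlier rule checks only bits this rule also fixes,
            # and both rules agree on those bits.
            if (wild & e_care) == 0 and (addr & e_care) == (e_addr & e_care):
                out.append(line)
                break
    return out

# ACL 10 as configured on the page, then a constructed misordering of it.
ACL_10 = ["access-list 10 deny host 192.168.1.5",
          "access-list 10 permit 192.168.1.0 0.0.0.255",
          "access-list 10 deny any"]
REORDERED = [ACL_10[1], ACL_10[0], ACL_10[2]]
```

With REORDERED, the subnet permit matches 192.168.1.5 before the host deny is reached, so evaluate() returns "permit" and shadowed() reports the host deny line as unreachable.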

Applying Standard Access Lists

After creation, the access list must be applied to an interface:

Router(config)# interface FastEthernet0/0
Router(config-if)# ip access-group 10 in

Standard access lists can be applied inbound (filtering traffic entering the interface) or outbound (filtering traffic leaving the interface).

Standard vs Extended Access Lists

Feature            | Standard ACL      | Extended ACL
-------------------+-------------------+---------------------------------
Number Range       | 1-99, 1300-1999   | 100-199, 2000-2699
Filtering Criteria | Source IP only    | Source/Dest IP, Protocols, Ports
Placement          | Close to destination | Close to source
Granularity        | Limited           | High

Best Practices

  • Placement: Apply standard ACLs as close to the destination as possible to avoid blocking legitimate traffic unnecessarily.

  • Order matters: Rules are processed sequentially; place more specific rules before general ones.

  • Implicit deny: Remember that all access lists end with an implicit "deny any" statement.

  • Testing: Always test access lists in a non-production environment before implementation.

Limitations

Standard access lists have significant limitations compared to extended ACLs. They cannot distinguish between different types of traffic from the same source, making them less suitable for complex filtering requirements. Additionally, their binary permit/deny nature lacks the granularity needed for modern network security.

Conclusion

Standard access lists provide a simple yet effective method for basic network traffic filtering based on source IP addresses. While they offer limited granularity compared to extended ACLs, they remain valuable for straightforward access control scenarios and serve as a foundation for understanding more advanced filtering techniques.

Updated on: 2026-03-16T23:36:12+05:30
