CCNA 200-301 · Security Fundamentals (15%)

# Access Control Lists (ACLs)

ACLs are one of the most consistently tested topics in the Security Fundamentals domain (15% of the CCNA 200-301 v1.1 exam). Expect both multiple-choice questions on wildcard masks and numbered/named ACL logic and simulation questions requiring you to write and apply ACLs correctly.

---

## What Is an ACL?

An Access Control List (ACL) is an ordered list of permit or deny statements that a router evaluates against packets. ACLs are used to filter traffic, control access to network resources, and restrict management plane access (such as VTY lines).

Think of an ACL like a bouncer's list at a venue: the bouncer reads from the top down, and the first rule that matches determines whether you get in or get turned away. If your name isn't on the list at all, you're automatically denied.

---

## Standard vs. Extended ACLs

The two ACL types you must know cold:

| Feature | Standard ACL | Extended ACL |
|---|---|---|
| Number range | 1–99, 1300–1999 | 100–199, 2000–2699 |
| Matches on | Source IP only | Source IP, destination IP, protocol, port |
| Placement rule | Close to the destination | Close to the source |
| Use case | Broad traffic control | Granular, surgical filtering |

### Why does placement matter?

- A standard ACL only matches source IP. If you place it close to the source, it could accidentally block traffic to every destination — not just the one you want to restrict. Place it near the destination so the traffic…
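The top-down, first-match evaluation, the implicit deny, and the placement rule described above can be checked with a small simulator. This is an added example, not part of the original lesson: the function names and the addresses are constructed for illustration, and the extended entries are simplified to source and destination only (real extended ACLs also match protocol and port).

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard mask has a 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # wildcard 0-bits are the bits that must match
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")  # wildcard of all 1s matches every address

def evaluate(acl, src, dst=None):
    """Top-down, first match wins; no match falls through to the implicit deny."""
    for action, src_spec, dst_spec in acl:
        if not wildcard_match(src, *src_spec):
            continue
        # Standard entries carry dst_spec=None: they never look at the destination.
        if dst_spec is not None and not wildcard_match(dst, *dst_spec):
            continue
        return action
    return "deny"                    # implicit deny closing a non-empty ACL

# Constructed policy: keep 10.1.1.0/24 away from server 192.0.2.10 only.
STANDARD = [
    ("deny", ("10.1.1.0", "0.0.0.255"), None),
    ("permit", ANY, None),
]
EXTENDED = [
    ("deny", ("10.1.1.0", "0.0.0.255"), ("192.0.2.10", "0.0.0.0")),
    ("permit", ANY, ANY),
]

# Constructed flows as (source, destination) pairs.
FLOWS = [("10.1.1.5", "192.0.2.10"),    # the flow the policy wants to stop
         ("10.1.1.5", "198.51.100.7"),  # same host, unrelated destination
         ("10.2.2.5", "192.0.2.10")]    # different subnet, same server

def placement_demo():
    """Verdict per flow when each ACL is applied close to the source."""
    return {name: [evaluate(acl, s, d) for s, d in FLOWS]
            for name, acl in (("standard", STANDARD), ("extended", EXTENDED))}

if __name__ == "__main__":
    print(placement_demo())
```

Applied near the source, the standard ACL also drops the 10.1.1.5 flow to the unrelated destination, which is the over-blocking the placement rule is meant to avoid; the extended ACL denies only the intended flow.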
