Share this:
- Click to share on LinkedIn (Opens in new window)
- Click to share on Reddit (Opens in new window)
- Click to share on Twitter (Opens in new window)
- Click to share on Facebook (Opens in new window)
- Click to share on Pinterest (Opens in new window)
- Click to share on Tumblr (Opens in new window)
- Click to share on Telegram (Opens in new window)
- Click to share on WhatsApp (Opens in new window)
- Click to share on Pocket (Opens in new window)
- Click to print (Opens in new window)
- Click to email a link to a friend (Opens in new window)
Hi Anthony,
I’ve watched your video and read through your ICND1 book – I’m not clear on what the difference is between “access-list” and “ip access-list”. Also, when assigning the ACL to an interface, you have “access-group” and “access-class”. What’s the difference?
Thanks & Regards,
John
Hello John as I remember you use the command “access-list” only when you want to create a standard ACL (1-99), like “access-list 54 permit…”, it is not possible to create extended ACL with this command.
On the other hand “ip access-list” is used when creating an extended ACL, also you use “ip access-list” when you especify if it is standard or extended in the command line, like:
“ip access-list standard 1” or “ip access-list standard aclname” or “ip access-list extended 100” or “ip access-list extended aclname”
Now ip access-group command is used under interface meanwhile access-class is used for vty lines, you cannot mix them.