📋 ACL Cheat Sheet

Quick reference for standard and extended ACLs on the CCNA exam.

Why This Cheat Sheet Matters for CCNA

This cheat sheet covers the most important Access Control List (ACL) concepts tested on the CCNA certification exam. It contains 3 sections with 14 key points that you should memorize before exam day. Master standard and extended ACLs, numbered and named ACLs, wildcard masks, implicit deny, and ACL placement best practices for filtering network traffic. Use this as a quick-reference guide during your final review sessions.

ACL Types

  • Standard ACLs (1–99, 1300–1999): filter by source IP only. Place close to destination.
  • Extended ACLs (100–199, 2000–2699): filter by source/dest IP, protocol, port. Place close to source.
  • Named ACLs: use descriptive names. Allow editing individual entries.
  • Implicit deny any at the end of every ACL.

Wildcard Masks

  • Wildcard mask = inverse of subnet mask. A 0 bit = must match, a 1 bit = don't care.
  • 0.0.0.0 = exact host match (host keyword shortcut).
  • 0.0.0.255 = match first 3 octets (/24).
  • 255.255.255.255 = match anything (any keyword shortcut).
  • Calculate: 255.255.255.255 − subnet mask = wildcard mask.
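
The wildcard rules above, together with the implicit deny from the ACL Types list, as an added example (not part of the original cheat sheet): a small Python model of how a standard ACL checks a source address. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

def wildcard_from_subnet(mask: str) -> str:
    """255.255.255.255 minus the subnet mask, octet by octet."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))

def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def matches(ip: str, base: str, wildcard: str) -> bool:
    """Compare only the bits where the wildcard bit is 0 (must match)."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(ip) & care) == (_to_int(base) & care)

def expand(source: str):
    """Expand the 'any' and 'host' shortcuts into (address, wildcard)."""
    parts = source.split()
    if parts == ["any"]:
        return "0.0.0.0", "255.255.255.255"
    if parts[0] == "host":
        return parts[1], "0.0.0.0"
    return parts[0], parts[1]

def evaluate(acl, src_ip: str) -> str:
    """Entries are checked top-down and the first match decides.
    A packet that matches no entry hits the implicit deny any."""
    for action, source in acl:
        base, wildcard = expand(source)
        if matches(src_ip, base, wildcard):
            return action
    return "deny"  # implicit deny any at the end of every ACL

# Constructed sample standard ACL: block one host, permit the rest of its /24.
SAMPLE_ACL = [
    ("deny", "host 192.168.10.50"),
    ("permit", "192.168.10.0 0.0.0.255"),
]

if __name__ == "__main__":
    print(wildcard_from_subnet("255.255.255.240"))   # wildcard for a /28
    for ip in ("192.168.10.50", "192.168.10.7", "10.1.1.1"):
        print(ip, evaluate(SAMPLE_ACL, ip))
```

Reversing the two entries in SAMPLE_ACL would permit 192.168.10.50, because the broader permit line would match first; specific entries belong above general ones.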

Configuration & Placement

  • ip access-list standard <name> → permit/deny <source> <wildcard>
  • ip access-list extended <name> → permit/deny <protocol> <src> <wildcard> <dst> <wildcard> eq <port>
  • Apply inbound: ip access-group <name> in — filters packets entering the interface.
  • Apply outbound: ip access-group <name> out — filters packets leaving the interface.
  • One ACL per interface, per direction, per protocol.

Cisco Command Quick Reference

Cisco IOS commands follow a hierarchical structure: User EXEC mode (>), Privileged EXEC mode (#), Global Configuration mode (config)#, and Interface Configuration mode (config-if)#. Master the transitions between these modes and the key "show" commands for each technology area — they are heavily tested on every Cisco exam.
