NetCalc

How to use the Cisco ACL builder

  1. Set ACL number or name, action (permit / deny), protocol, source, destination and optional port.
  2. Add each rule to the rule list. Order matters: first match wins.
  3. Copy the full ACL block straight to your Cisco config.

Frequently asked questions

What is the difference between standard and extended ACLs?

Standard ACLs match only on source IP. Extended ACLs match source, destination, protocol and port. Extended is what you almost always want.

Why does ACL order matter for traffic matching?

Cisco evaluates ACL entries top-down and stops at the first match. A broad 'permit any' early in the list will hide every specific rule below it.

How do I deny one host while permitting the rest of its subnet?

Add the deny line for the host first, then the permit for the subnet. The order is essential because of top-down matching.
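The two answers above (first match wins, and deny the host before permitting its subnet) can be checked before a rule list is pasted into a config. The Python sketch below is an added example, not part of the NetCalc tool: it assumes standard-ACL style entries with contiguous wildcard masks, uses constructed addresses, and models the implicit deny that ends every Cisco ACL.

```python
import ipaddress

def parse_rule(line):
    """Parse '<action> any', '<action> host A' or '<action> A WILDCARD'."""
    action, *src = line.split()
    if src == ["any"]:
        net = ipaddress.ip_network("0.0.0.0/0")
    elif src[0] == "host":
        net = ipaddress.ip_network(src[1] + "/32")
    else:
        # ipaddress accepts a contiguous wildcard (host mask) after the slash
        net = ipaddress.ip_network(f"{src[0]}/{src[1]}")
    return action, net

def evaluate(acl, source_ip):
    """Return (action, index of the matching entry); evaluation stops at the first match."""
    ip = ipaddress.ip_address(source_ip)
    for i, line in enumerate(acl):
        action, net = parse_rule(line)
        if ip in net:
            return action, i
    return "deny", None  # implicit deny at the end of the list

def shadowed(acl):
    """Indexes of entries that can never match because an earlier entry covers them."""
    nets = [parse_rule(line)[1] for line in acl]
    return [i for i, n in enumerate(nets)
            if any(n.subnet_of(earlier) for earlier in nets[:i])]

# Constructed sample rule lists (hypothetical addresses)
WRONG = ["permit 10.1.1.0 0.0.0.255", "deny host 10.1.1.5"]
RIGHT = ["deny host 10.1.1.5", "permit 10.1.1.0 0.0.0.255"]

if __name__ == "__main__":
    for name, acl in (("wrong order", WRONG), ("right order", RIGHT)):
        print(name,
              "| 10.1.1.5 ->", evaluate(acl, "10.1.1.5"),
              "| 10.1.1.9 ->", evaluate(acl, "10.1.1.9"),
              "| shadowed entries:", shadowed(acl))
```

In the wrong order the host deny is reported as shadowed and 10.1.1.5 is permitted by the subnet entry; in the right order nothing is shadowed and only that host is denied.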

When should I use named ACLs over numbered ACLs?

Use named ACLs when you want to edit individual lines (numbered ACLs require deleting and re-creating the whole list). Almost all new deployments should be named.