Tag: ACL

Cisco IOS Access Control Lists: Standard, Extended, Named, Reflexive, Time-Based

Working reference for the five Cisco IOS ACL types. Covers how an ACL processes a packet (top-down, first-match-wins, implicit deny); where the order of operations relative to NAT matters (inbound: ACL before NAT; outbound: NAT before ACL); Standard vs Extended vs Named ACLs with full configuration examples; Reflexive ACLs for basic return-traffic state; Time-based ACLs with absolute and periodic schedules; application to interfaces vs VTY lines (ip access-group vs access-class); placement rules (Standard close to destination, Extended close to source); and the pitfalls (implicit deny, numbered-ACL edit gotcha, wildcard vs subnet mask, NAT-order trap, missing VTY restriction).