IOS Access List numbering scheme

From CT3

The simple CLI parser implemented in early releases of Cisco IOS recognized only numbered access lists. The protocols supported early in the Cisco IOS history were thus using numbered access lists to filter traffic or routing updates.

Most of the access lists were using common address space. Banyan Vines access lists were an exception, they were always configured with the vines access-list configuration command and used their own independent numbering scheme. Rate-limit access-lists (configured with access-list rate-limit number) also use an independent address space.

The first protocol using named access lists was CLNS. Named standard and extended access lists were later added to IP. As numerous IP features still expected an access-list number in the configuration commands even after the named IP access lists were introduced, the address space of the numbered IP access lists was expanded.

The following table documents the IOS access-list numbering conventions:

Start	End	Description
1	99	IP standard access lists
100	199	IP extended access lists
200	299	Protocol type-code access lists (used in bridging filters)
300	399	DECnet standard access lists
400	499	XNS standard access lists
500	599	XNS extended access lists
600	699	AppleTalk cable range access lists
700	799	MAC address access lists (used in bridging filters)
800	899	Novell IPX standard access lists
900	999	Novell IPX extended access lists
1000	1099	Novell IPX SAP access lists
1100	1199	MAC address access lists (extended range)
1200	1299	Novell IPX NLSP access lists
1300	1999	IP standard access lists (extended range)
2000	2699	IP extended access lists (extended range)

Rate limit access lists configured with the access-list rate-limit global configuration command and used in the rate-limit input|output access-group rate-limit number rate interface configuration command use the following numbers (independent from the access-list numbering scheme):