This article describes what Reflexive Access Lists are, how they work, and how to configure Reflexive ACLs on Cisco routers in GNS3. Reflexive Access Lists are used to allow IP traffic for sessions that originates from inside the network, and deny IP traffic that originates from outside the network.

Dynamic (Lock-and-key) Access Control Lists are used to block user traffic until the user telnet to the router. Dynamic Access List is based on Extended ACL which starts with an entry that blocks traffic through the router. When the user try to telnet to the router a dynamic entry is added

Extended Access lists give us extra features in comparison with standard ACLs. They check packet for source address, destination address, protocol and port number. Like Standard ACLs, Extended Access Lists can be numbered or named. Ranges used by numbered extended ACLs are from 100 to 199 and from 2000 to 2699.

In previous article we discussed about Access Control Lists, generally. Here we’ll focus on Standard Access Lists on Cisco devices and will give you an example.

With standard ACLs you can permit or deny traffic from source IP addresses. The destination of the packet and the port doesn’t matter. They can be named or numbered. 

Access Control Lists are used to control traffic into and out of your network based on a given criteria. An  ACL consists of a sequence of permit or deny statements that apply to network layer or upper layer protocols. Most often Access Control Lists are used for security reasons to filter traffic.