1. Configuration
   1. Named IPv4 ACLs
      1. Create a named IPv4 ACL
         1. Router(config)# ip access-list {standard | extended} <name>
      2. After the ACL name is created, reference this name in interface configuration mode to create access control entries (ACEs)
         1. Router(config-if)# ip access-group <name> {in|out}
         2. Router(config-ext-nacl)# {deny|permit} <source> <source_wildcard> [log]
         3. Router(config-ext-nacl)# {deny|permit} {tcp|udp}<source> <source_wildcard> [operator <port>] <destination> <destination_wildcard> [operator <port>] [log]
         4. Router(config-ext-nacl)# {deny|permit} <source> <source_wildcard> <destination> <destination_wildcard> [log]
      3. Apply the ACL to a virtual terminal (VTY) interface
         1. Router(config)# ip access-class <name> {in|out}
   2. Numbered IPv4 ACLs
      1. Extended Numbered IPv4 ACLs
         1. Create an Extended numbered IPv4 ACL
            1. Create an Extended numbered IPv4 ACL that permits or denies IP traffic
            2. access-list <number>
            3. [dynamic <name> [timeout <minutes>]{deny|permit} <protocol> <source_address> <source_wildcard> <destination_address> <destination_wildcard> [precedence <value>] [tos <value>] [log|log-input] [time-range <time-range>]
            4. Create an Extended numbered IPv4 ACL that permits or denies ICMP traffic
            5. access-list <number>
            6. [dynamic <name> [timeout <minutes>]]{deny|permit} icmp <source_address> <source_wildcard> <destination_address> <destination_wildcard> [<icmp_type> [<icmp_code>] |<icmp_message>] [precedence <value>] [tos <value>] [log|log-input] [time-range <time-range>]
            7. Create an Extended numbered IPv4 ACL that permits or denies TCP traffic
            8. access-list <number>
            9. [dynamic <name> [timeout <minutes>]]{deny|permit} tcp <source_address> <source_wildcard> [operator [<port>]] <destination_address> <destination_wildcard> [operator [<port>]] [established] [precedence <value>] [tos <value>] [log|log-input] [time-range <time-range>]
            10. Create an Extended numbered IPv4 ACL that permits or denies UDP traffic
            11. access-list <number>
            12. [dynamic <name> [timeout <minutes>]]{deny|permit} udp <source_address> <source_wildcard> [operator [<port>]] <destination_address> <destination_wildcard> [operator [<port>]] [precedence <value>] [tos <value>] [log|log-input] [time-range <time-range>]
         2. Apply an Extended numbered IPv4 ACL inbound or Outbound on a physical interface:
            1. ip access-group {number|name} {in|out}
         3. Apply an ACL to a virtual terminal (VTY) interface
            1. Router(config-if)# ip access-class <number> {in|out}
      2. Standard Numbered IPv4 ACLs
         1. Create a standard numbered IPv4 ACL
            1. Router(config)# access-list <number> {permit | deny} {host | <source_ip> <source_wildcard> | any}
         2. After the ACL is defined, apply it to an interface, inbound or outbound
            1. Router(config-if)# ip access-group <number> {in|out}
         3. Apply an ACL to a virtual terminal (VTY) interface
            1. Router(config-if)# ip access-class <number> {in|out}
2. Troubleshooting
   1. List all ACLs on a device
      1. show access-lists
      2. show access-lists [number|name]
   2. List all IP ACLs on a device
      1. show ip access-lists
      2. show ip access-lists [number|name]
   3. List configuration information about an interface, including ACLs configured to affect it
      1. show ip interface <type> <number>