
IP Access List Features Roadmap

First Published: August 18, 2006


Last Updated: August 18, 2006

This roadmap lists the access list features documented in the Cisco IOS Security Configuration Guide
and maps them to the modules in which they appear.

Feature and Release Support


Table 1 lists access list feature support for the Cisco IOS software releases 12.2S, 12.3T, and 12.4T.
Only features that were introduced or modified in Cisco IOS Release 12.2(1) or a later release appear in
the table. Not all features may be supported in your Cisco IOS software release.
Use Cisco Feature Navigator to find information about platform support and software image support.
Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images
support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to
http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Note: Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given
Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS
software release train also support that feature.

Table 1 Supported Access List Features

Cisco IOS Releases 12.2S, 12.3T, and 12.4T

| Release | Feature Name | Feature Description | Where Documented |
|---|---|---|---|
| 12.3(4)T, 12.2(25)S | ACL Support for Filtering IP Options | This feature allows you to filter packets having IP Options, in order to prevent routers from becoming saturated with spurious packets. | Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values |
| 12.3(4)T, 12.2(25)S | ACL TCP Flags Filtering | This feature provides a flexible mechanism for filtering on TCP flags. Before Cisco IOS Release 12.3(4)T, an incoming packet was matched as long as any TCP flag in the packet matched a flag specified in the access control entry (ACE). This behavior allows for a security loophole, because packets with all flags set could get past the access control list (ACL). The ACL TCP Flags Filtering feature allows you to select any combination of flags on which to filter. The ability to match on a flag set and on a flag not set gives you a greater degree of control for filtering on TCP flags, thus enhancing security. | Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values |
| 12.3(7)T, 12.2(25)S | ACL—Named ACL Support for Noncontiguous Ports on an Access Control Entry | This feature allows you to specify noncontiguous ports in a single access control entry, which greatly reduces the number of entries required in an access control list when several entries have the same source address, destination address, and protocol, but differ only in the ports. | Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values |
| 12.4(2)T | ACL Support for Filtering on TTL Value | You may use extended IP access lists (named or numbered) to filter packets based on their time-to-live (TTL) value, from 0 to 255. This filtering enhances your control over which packets reach a router. | Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values |
| 12.4(6)T | ACL Manageability | The ACL Manageability feature enables users to display and clear Access Control Entry (ACE) statistics per interface and per incoming or outgoing traffic direction for access control lists (ACLs). | Displaying and Clearing IP Access List Data Using ACL Manageability |

Americas Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

© 2007 Cisco Systems, Inc. All rights reserved.
