Extended ACLs

So, we looked into standard ACLs, which permit or deny access to network resources according to IP address. What exactly is an extended ACL? Well, it’s similar to a standard ACL, except that additional parameters let us be more specific about what kind of network traffic is permitted from one device to another. We can now specify whether that traffic is TCP or UDP, the port or port range, and the protocol, and whether or not the devices in question can access them. Think of extended ACLs almost like saying “you can go here but you can’t access this or that.” With standard ACLs, by contrast, you’re pretty much saying “you have such and such IP address, therefore you are or are not allowed access to this device.” In the former case, your IP address isn’t necessarily a guarantee that you can access anything you want on a server, for example. In the lab I created, the extended ACLs permit IP traffic for pingability, but may or may not allow HTTP traffic according to the specification to disallow port 80.
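The difference can be checked with a small model of ACL evaluation. This is an added example, not the lab configuration from the post: the addresses, rule lists and names are constructed, and it assumes Cisco-style processing, where the first matching entry decides and a packet that matches nothing is denied.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                   # "icmp", "tcp" or "udp"
    src: str
    dst: str
    dport: Optional[int] = None  # None for ICMP

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: str                     # source network (CIDR)
    dst: str = "0.0.0.0/0"       # a standard ACL leaves this and dport unset
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

def evaluate(acl, pkt):
    """First matching rule decides; nothing matched means implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed lab addressing (assumption): clients 192.168.10.0/24, server 192.168.20.10
CLIENTS, SERVER = "192.168.10.0/24", "192.168.20.10/32"
STANDARD = [Rule("permit", "ip", CLIENTS)]            # source address only
EXTENDED = [Rule("deny", "tcp", CLIENTS, SERVER, 80), # block HTTP first
            Rule("permit", "ip", CLIENTS, SERVER)]    # then allow the rest (ping)

PING = Packet("icmp", "192.168.10.5", "192.168.20.10")
HTTP = Packet("tcp", "192.168.10.5", "192.168.20.10", 80)
OUTSIDER = Packet("tcp", "10.9.9.9", "192.168.20.10", 80)

def verdicts(acl):
    return {name: evaluate(acl, p) for name, p in
            (("ping", PING), ("http", HTTP), ("outsider", OUTSIDER))}

if __name__ == "__main__":
    print("standard:", verdicts(STANDARD))
    print("extended:", verdicts(EXTENDED))
    print("extended, reversed order:", verdicts(EXTENDED[::-1]))
```

The reversed list shows why entry order matters: with the broad permit first, the port 80 deny is never reached.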