ccna1 lecture 11 

so set the ranges of ip adddresses should fall on bit boundaries ie like 4, 8, 16, 32 ... 128. this is because it is easier to do an and or an or instead of just making up randum settings. for a wildcard mask you dont have to keep the bits together so the ones and zeros dont have to be in chronological order. these numbers are 32 bit binary numbers. you block trafic as close to the point where you know already where that trafic is going to go. extended acl's need to be close to the source as possible. standard acl only block on basis of source ip address only. extended you can have more criteria like ports etc. there is a implicit deny everything unless you permit things. you can put the explicit deny anything at the end of your list.