Which type of IP ACL can match based on both source and destination IP addresses?

Extended IP ACLs have the capability to match traffic based on both source and destination IP addresses, which allows for a more granular level of control over network traffic. This type of ACL can evaluate more attributes of a packet, including protocols like TCP, UDP, and ICMP, as well as port numbers.

This functionality enables network administrators to create specific rules that not only filter traffic based on where it comes from (the source address) but also where it is going (the destination address). Such versatility is critical in complex network scenarios where detailed filtering is necessary to enhance security and manage bandwidth effectively.

In contrast, standard IP ACLs only match on source IP addresses and do not consider destination IPs, making them less flexible for specific traffic management. The terms "restricted" and "basic" IP ACLs are not standard designations within Cisco’s ACL classifications, and they may cause confusion without a clear definition. Therefore, Extended IP ACLs stand out as the correct choice for matching on both source and destination addresses.