The invention relates to the technical field of network data transmission, and discloses an access control list matching method and device. The problem that in the prior art, the control list matching method is low in matching efficiency and complicated in establishment is solved. The device comprises a control plane which is used for establishing ACL rule tables which take priorities as subscripts and establishing bitmap vector tables which take address objects as first dimensions, source and destination ip addresses as second dimensions, and ACL priorities as third dimensions; and a data plane which is used for carrying out address object matching according to the source ip addresses and destination ip addresses of messages entering the data plane, establishing a bitmap array containing the ACL priorities according to the matched address objects, traversing the bitmap array to match the ACL rule tables, obtaining the matched ACL rule table with the highest priority, and processing the messages according to the ACL rule table. According to the scheme of the method and the device, the demand of matching massive ACLs efficiently can e satisfied; the space consumption is reduced; the expansibility is good; and the method and the device can be applied to the products such as routers and firewalls.