If I apply the acl below. What is the difference between an access-class 13 and access-group 13? Thanks in advance.
access-list 13 permit 10.8.4.199
access-list 13 permit 10.8.4.200
access-list 13 permit 10.8.4.201
access-list 13 permit 10.8.4.202
access-list 13 deny any
line vty 0 4
exec-time 15 0
access-class 105 in
access-group is assigned on an interface and will filter data packets as they enter the interface or as they leave the interface (depending on whether the access-group is applied inbound or outbound). access-class is applied to line vty and controls who is able to remote access to the router or control who to remote access to from the router (depending on whether the access-class is applied inbound (the most common) or is applied outbound).
So if you took the access list 13 from your example and applied it as access-group in on an interface it would allow any ip packet with source address 10.8.4.199, 10.8.4.200, 10.8.4.201, or 10.8.4.202. And if you applied that same access list as access-class in on the vty then it would permite remote access (telnet or SSH) from only those 4 addresses.
Access-group applies an ACL to an interface and the access-class applies the ACL to your vty access in this case.