Access-Lists (ACL)

Access-list (ACL) is a set of rules that controls network traffic by filtering packets based on the defined rules for incoming or outgoing network traffic. There are two main types of ACLs - standard ACLs which filter based on source IP addresses only and extended ACLs which can filter based on source/destination IPs and ports. ACLs are applied to network interfaces to process packets according to the defined rules before routing packets to their destination.

Uploaded by Mohammed Ali
Access-Lists (ACL)

Access-list (ACL) is a set of rules defined for controlling network traffic and reducing
network attacks. ACLs are used to filter traffic based on the set of rules defined for the
incoming or outgoing traffic of the network.
ACL features –
1. The rules are matched sequentially, i.e., matching starts with the first line,
then the second, then the third, and so on.
2. A packet is compared against the rules only until one of them matches. Once a rule is
matched, no further comparison takes place and the action of that rule is performed.
3. There is an implicit deny at the end of every ACL, i.e., if no condition or rule
matches then the packet will be discarded.

Once the access-list is built, it should be applied to the inbound or outbound direction of
an interface:

- Inbound access lists – When an access list is applied to inbound packets on an interface,
the packets are first processed according to the access list and then routed to the
outbound interface.

- Outbound access lists – When an access list is applied to outbound packets on an
interface, the packet is first routed and then processed by the access list at the
outbound interface.

Types of ACL –
There are two main types of Access-list, namely:
1. Standard Access-list –
These are access lists that match on the source IP address only. These ACLs permit or
deny the entire protocol suite; they don’t distinguish between kinds of IP traffic such as
TCP, UDP, HTTPS, etc. By using numbers 1-99 or 1300-1999, the router will understand it as
a standard ACL and the specified address as the source IP address.

2. Extended Access-list –
These are ACLs that match on source IP, destination IP, source port, and destination
port. With these ACLs we can also specify which kind of IP traffic (protocol) should be
allowed or denied. These use the ranges 100-199 and 2000-2699.
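To make the matching behaviour described above concrete (top-down first match, the implicit deny at the end, and the number ranges that tell the router whether a list is standard or extended), here is a small Python simulator. It is added here as an illustration and is not part of the original document; `acl_type`, `parse_acl` and `evaluate` are names chosen for the example, and the sample ACL 101 and test packets are constructed.

```python
import ipaddress
# Number ranges the text gives for numbered ACLs; the number alone tells the router the type
ACL_RANGES = {"standard": ((1, 99), (1300, 1999)), "extended": ((100, 199), (2000, 2699))}
ANY = ("0.0.0.0", "255.255.255.255")  # how IOS expresses 'any' as address + wildcard

def acl_type(number):
    """Classify a numbered ACL by its number range, as the router does."""
    for kind, ranges in ACL_RANGES.items():
        if any(lo <= number <= hi for lo, hi in ranges):
            return kind
    raise ValueError(f"{number} is not a standard or extended ACL number")

def _addr_match(ip, spec, wildcard):
    """Wildcard mask: a 0 bit must match, a 1 bit is 'don't care'."""
    ip, spec = int(ipaddress.IPv4Address(ip)), int(ipaddress.IPv4Address(spec))
    return (ip ^ spec) & ~int(ipaddress.IPv4Address(wildcard)) == 0

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_acl(lines):
    """Parse 'access-list N permit|deny ...' lines into rules, keeping their order."""
    rules = []
    for line in lines:
        t = line.split()
        number, action = int(t[1]), t[2]
        if acl_type(number) == "standard":  # source address only, whole IP suite
            src, _ = _take_addr(t[3:])
            rules.append({"action": action, "proto": "ip", "src": src, "dst": ANY, "dport": None})
        else:                               # protocol, source, destination, optional 'eq PORT'
            src, rest = _take_addr(t[4:])
            dst, rest = _take_addr(rest)
            dport = int(rest[1]) if rest[:1] == ["eq"] else None
            rules.append({"action": action, "proto": t[3], "src": src, "dst": dst, "dport": dport})
    return rules

def evaluate(rules, pkt):
    """Top-down, first match wins; no match means the implicit deny drops the packet."""
    for i, r in enumerate(rules):
        if (r["proto"] in ("ip", pkt["proto"]) and _addr_match(pkt["src"], *r["src"])
                and _addr_match(pkt["dst"], *r["dst"]) and r["dport"] in (None, pkt.get("dport"))):
            return r["action"], i  # action of the first matching line; later lines are ignored
    return "deny", None            # implicit deny at the end of every ACL

# Constructed sample (not from the page): block Telnet to one host, allow the rest of the LAN
ACL_101 = ["access-list 101 deny tcp any host 10.0.0.5 eq 23", "access-list 101 permit ip 192.168.1.0 0.0.0.255 any"]
```

Swapping the two lines of ACL_101 would let the permit line match first and the Telnet deny would never be reached, which is why the order of entries matters.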
Also, there are two categories of access-list:
1. Numbered access-list – These are access lists from which individual rules cannot be
deleted once created, i.e., if we want to remove a single rule from a numbered access list,
this is not permitted. If we try to delete a rule from the access list, the whole access
list will be deleted. Numbered access-lists can be used with both standard and extended
access lists.

2. Named access-list – In this type of access list, a name is assigned to identify the
access list. Deleting a specific rule is allowed in a named access list, unlike a numbered
access list. Like numbered access lists, these can be used with both standard and extended
access lists.

Rules for ACL –

1. The standard Access-list is generally applied close to the destination (but not always).
2. The extended Access-list is generally applied close to the source (but not always).
3. We can assign only one ACL per interface per protocol per direction, i.e., only one
inbound and one outbound ACL is permitted per interface.
4. We can’t remove a rule from an Access-list if we are using a numbered Access-list. If
we try to remove a rule, the whole ACL will be removed. If we are using named access
lists, we can delete a specific rule.
5. Every new rule added to an access list is placed at the bottom of the access list;
therefore, before implementing an access list, analyse the whole scenario carefully.
6. As there is an implicit deny at the end of every access list, we should have at least
one permit statement in our Access-list, otherwise all traffic will be denied.
7. Standard access lists and extended access lists cannot have the same name.

Advantages of ACL –
- Improve network performance.
- Provide security, as the administrator can configure the access list according to the
needs and deny unwanted packets from entering the network.
- Provide control over the traffic, as the ACL can permit or deny according to the needs of
the network.
