ACL

Access Control Lists (ACL)

Access Control Lists (ACL) are a very powerful security feature of Cisco IOS. By using ACLs, we can deny unwanted access to the network while allowing internal users appropriate access to the services they need.

Access Control Lists (ACL) are a set of commands, grouped together (by a number or name), that are used to filter traffic entering or leaving an interface. Access Control Lists (ACL) commands define which traffic is permitted and which is denied.

We have already discussed that an Access Control List (ACL) is a group of statements that define whether packets are accepted or rejected as they enter or leave an interface. ACL statements are evaluated in sequential, logical order, from the top down.

As soon as a packet matches a statement, that statement's action (permit or deny) is applied and the rest of the ACL is not checked. If the packet matches none of the statements, it is dropped by the implicit "deny any" that IOS places at the end of every ACL. Because the first match wins, the order of statements matters: a broad statement placed above a more specific one will shadow it, so write the more specific statements first.

We can classify Access Control Lists (ACL) as

Numbered and Named Access Control Lists (ACL): A numbered ACL is identified by a number that is unique among all ACLs on the device, while a named ACL is identified by a unique name.

Standard and Extended Access Control Lists (ACL): A standard IP ACL can filter traffic based only on the source IP address of the IP datagram. An extended ACL can filter traffic based on source IP address, destination IP address, protocol (TCP, UDP, etc.), port numbers, etc.

The following table shows the ACL types and the number ranges that can be used to number an ACL:

ACL Type        ACL Numbers
IP Standard     1–99, 1300–1999
IP Extended     100–199, 2000–2699

So, to create a standard IP ACL, use an ACL number between 1–99 or 1300–1999. To create an extended IP ACL, use an ACL number between 100–199 or 2000–2699.
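The following Python script is an added example, not part of the original article and not Cisco code. It simulates how IOS evaluates a numbered IP ACL: the ACL number is classified with the ranges from the table above, a standard ACL consults only the source address while an extended ACL also checks protocol, destination and port, statements are tried top down, the first match wins, and a packet that matches nothing falls through to the implicit "deny any". The ACL numbers, addresses and ports in the sample lists are constructed for illustration; the shadowed variant of ACL 10 shows what happens when a broad deny is placed above a more specific permit.

```python
"""Simulate Cisco IOS IP ACL evaluation: top-down, first match wins, implicit deny.

Added example; the ACL numbers, addresses and ports below are constructed
for illustration and are not taken from the original article.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY_ADDR, ANY_WC = "0.0.0.0", "255.255.255.255"   # the IOS keyword "any"
HOST_WC = "0.0.0.0"                                 # the IOS keyword "host"


def acl_type(number: int) -> str:
    """Classify a numbered IP ACL using the ranges in the article's table."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    raise ValueError(f"{number} is not a standard or extended IP ACL number")


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match the base address, a 1 bit is
    'don't care'. 0.0.0.0 selects one host, 255.255.255.255 selects any host."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass
class Ace:
    """One access-list entry. A standard ACL uses only action/src/src_wc."""
    action: str                      # "permit" or "deny"
    src: str
    src_wc: str
    protocol: str = "ip"             # "ip" matches any IP protocol
    dst: str = ANY_ADDR
    dst_wc: str = ANY_WC
    dst_port: Optional[int] = None   # None = any destination port


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str                    # "tcp", "udp", "icmp", ...
    dst_port: Optional[int] = None


def evaluate(acl_number: int, aces: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, matching line number). Line None means the implicit deny fired."""
    kind = acl_type(acl_number)
    for line, ace in enumerate(aces, start=1):
        if not wildcard_match(pkt.src, ace.src, ace.src_wc):
            continue
        if kind == "extended":
            # Only an extended ACL looks beyond the source address.
            if ace.protocol != "ip" and ace.protocol != pkt.protocol:
                continue
            if not wildcard_match(pkt.dst, ace.dst, ace.dst_wc):
                continue
            if ace.dst_port is not None and ace.dst_port != pkt.dst_port:
                continue
        return ace.action, line      # first match wins; later lines are never examined
    return "deny", None              # implicit "deny any" at the end of every ACL


# Constructed sample ACLs (hypothetical, not from the article).
# access-list 10 permit 192.168.1.0 0.0.0.255
# access-list 10 deny   192.168.0.0 0.0.255.255
STANDARD_10 = [
    Ace("permit", "192.168.1.0", "0.0.0.255"),
    Ace("deny", "192.168.0.0", "0.0.255.255"),
]
# The same two lines in the wrong order: the broad deny shadows the permit.
STANDARD_10_SHADOWED = list(reversed(STANDARD_10))

# access-list 110 permit tcp 10.0.0.0 0.255.255.255 host 172.16.5.10 eq 443
# access-list 110 deny   ip any host 172.16.5.10
# access-list 110 permit ip any any
EXTENDED_110 = [
    Ace("permit", "10.0.0.0", "0.255.255.255", "tcp", "172.16.5.10", HOST_WC, 443),
    Ace("deny", ANY_ADDR, ANY_WC, "ip", "172.16.5.10", HOST_WC),
    Ace("permit", ANY_ADDR, ANY_WC),
]

if __name__ == "__main__":
    for pkt in (Packet("192.168.1.25", "172.16.5.10", "tcp", 443),
                Packet("192.168.2.7", "172.16.5.10", "tcp", 443),
                Packet("10.1.1.1", "172.16.5.10", "tcp", 443)):
        print("ACL 10           ", pkt.src, "->", evaluate(10, STANDARD_10, pkt))
        print("ACL 10 (shadowed)", pkt.src, "->", evaluate(10, STANDARD_10_SHADOWED, pkt))
    for pkt in (Packet("10.2.3.4", "172.16.5.10", "tcp", 443),
                Packet("10.2.3.4", "172.16.5.10", "tcp", 22),
                Packet("10.2.3.4", "172.16.9.9", "udp", 53)):
        print("ACL 110          ", pkt, "->", evaluate(110, EXTENDED_110, pkt))
```

Note that a source of 10.1.1.1 is denied by ACL 10 even though no line mentions it: that is the implicit deny at work, and it is the reason a standard ACL applied to an interface needs an explicit permit for every source that should get through.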

Posted By – RamCruiseWalker
