Sunday, 13 May 2012

Access Control Lists

An access control list (ACL) is an ordered list of statements that controls the traffic passing through a router or firewall. Each statement permits or denies packets crossing an interface based on fields in the packet header (addresses, protocol, ports) that are compared against the criteria in the statement. The router or firewall walks the list from top to bottom and applies the first statement the packet matches; if no statement matches, the packet is dropped by the implicit "deny any" at the end of every ACL.

Take a look at the video below for a better understanding of how an ACL works.



The three general rules for applying ACLs (the "three P's"):

  • One ACL per protocol
  • One ACL per direction
  • One ACL per interface
There are two types of Cisco ACLs: Standard and Extended.
  • Standard ACLs filter packets based on the source IP address only
  • Extended ACLs filter packets based on several attributes, such as the source and destination IP addresses, the protocol (IP, TCP, UDP, ICMP) and the source or destination port

Standard ACL:
Router(config)# access-list 10 permit 192.168.10.0 0.0.0.255

This standard ACL statement allows all traffic from the network 192.168.10.0/24. The second value, 0.0.0.255, is a wildcard mask, not a subnet mask: a 0 bit means that bit of the address must match, a 1 bit means "don't care", so 0.0.0.255 is the inverse of the /24 subnet mask 255.255.255.0. Standard ACLs are identified using access list numbers 1 to 99 and 1300 to 1999. Because a standard ACL can only look at the source address, it should be applied as close to the destination as possible, otherwise it blocks that source from every destination beyond the interface.

Extended ACL:
Router(config)# access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80

This extended ACL statement permits TCP traffic from any address on the 192.168.10.0/24 network to any destination on destination port 80 (HTTP); everything else, including HTTPS on port 443 and UDP on port 80, falls through to the implicit deny. Extended ACLs are identified using access list numbers 100 to 199 and 2000 to 2699, or using a named ACL (ip access-list extended NAME). An ACL does nothing until it is bound to an interface with a direction, for example ip access-group 103 in under interface configuration mode, which is where the one-per-protocol, one-per-direction, one-per-interface rule applies.
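To make the matching rules above concrete for both the standard and the extended statement, here is a small evaluator added to this post (it is example code, not Cisco IOS or any vendor code). It parses the two `access-list` lines from the post, plus a constructed two-line ACL 120 used to show that entry order matters, and applies them to constructed packets. The `Packet` and `Acl` classes, the packet addresses and ACL 120 are assumptions made for the example; the wildcard-mask comparison, first-match ordering and the implicit deny are the real IOS semantics.

```python
"""Evaluator for Cisco-style numbered ACL statements (added example, not vendor code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:                       # constructed packet header, only the fields an ACL looks at
    src: str
    dst: str
    proto: str = "ip"               # "ip", "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Entry:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every protocol (always "ip" for a standard ACL)
    src_net: int
    src_wild: int
    dst_net: Optional[int]          # None for a standard ACL, which is source-only
    dst_wild: Optional[int]
    dport: Optional[int]            # from "eq <port>", else None


def _addr(text):
    return int(ipaddress.IPv4Address(text))


def _parse_host(tokens):
    """Consume one address spec ('any' | 'host A' | 'A WILDCARD'); return (net, wild, rest)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return _addr(tokens[1]), 0, tokens[2:]
    return _addr(tokens[0]), _addr(tokens[1]), tokens[2:]


def parse_entry(line):
    """Parse 'access-list N permit|deny ...' into (N, Entry); the number decides standard vs extended."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list statement: {line!r}")
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99 or 1300 <= number <= 1999:          # standard ACL: source only
        if len(rest) == 1 and rest[0] != "any":              # bare address means a single host
            rest = rest + ["0.0.0.0"]
        src_net, src_wild, _ = _parse_host(rest)
        return number, Entry(action, "ip", src_net, src_wild, None, None, None)
    proto = rest[0]                                          # extended ACL: proto src dst [eq port]
    src_net, src_wild, rest = _parse_host(rest[1:])
    dst_net, dst_wild, rest = _parse_host(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return number, Entry(action, proto, src_net, src_wild, dst_net, dst_wild, dport)


def wild_match(addr, net, wild):
    """Wildcard mask: 0 bits must match, 1 bits are don't-care (0.0.0.255 covers a /24)."""
    return ((addr ^ net) & (~wild & 0xFFFFFFFF)) == 0


def entry_matches(entry, pkt):
    if entry.proto != "ip" and entry.proto != pkt.proto:
        return False
    if not wild_match(_addr(pkt.src), entry.src_net, entry.src_wild):
        return False
    if entry.dst_net is not None and not wild_match(_addr(pkt.dst), entry.dst_net, entry.dst_wild):
        return False
    return entry.dport is None or entry.dport == pkt.dport


class Acl:
    def __init__(self, lines):
        self.entries = [parse_entry(line)[1] for line in lines]

    def evaluate(self, pkt):
        """Return (action, 1-based entry index); no match means the implicit deny at the end."""
        for index, entry in enumerate(self.entries, 1):
            if entry_matches(entry, pkt):
                return entry.action, index
        return "deny", None


ACL_10 = Acl(["access-list 10 permit 192.168.10.0 0.0.0.255"])
ACL_103 = Acl(["access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80"])
# Constructed ACL 120: a host exception in front of the network permit, and the same two lines reversed.
ACL_120 = Acl(["access-list 120 deny tcp host 192.168.10.50 any eq 80",
               "access-list 120 permit tcp 192.168.10.0 0.0.0.255 any eq 80"])
ACL_120_REVERSED = Acl(list(reversed(["access-list 120 deny tcp host 192.168.10.50 any eq 80",
                                      "access-list 120 permit tcp 192.168.10.0 0.0.0.255 any eq 80"])))

if __name__ == "__main__":
    web = Packet("192.168.10.50", "203.0.113.9", "tcp", 80)          # constructed sample packets
    for name, acl, pkt in [("10", ACL_10, Packet("192.168.11.5", "203.0.113.9")),
                           ("103", ACL_103, Packet("192.168.10.77", "203.0.113.9", "tcp", 443)),
                           ("120", ACL_120, web), ("120 reversed", ACL_120_REVERSED, web)]:
        print(f"ACL {name}: {pkt} -> {acl.evaluate(pkt)}")
```

Two things the output makes visible that the statements alone do not: a packet that matches nothing (HTTPS through ACL 103, or a source outside 192.168.10.0/24 through ACL 10) is denied with no entry index, which is the implicit deny; and in the reversed ACL 120 the host-specific deny is never reached because the broader permit above it wins first, so the order in which you type `access-list` lines is part of the policy.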
