Jan 11, 2012

Access Control List - why network admins use it in a Network


An Access Control List (ACL) is an ordered set of rules that controls which packets are allowed to pass through a computer network. Besides controlling traffic, ACLs play a big role in network security. Rules are evaluated from the top: the first rule whose condition matches the packet is applied, and the remaining rules are ignored.


The major uses of ACLs by network administrators are:

1. Control vty access into a router

2. Filter traffic that originates from the router

TYPES OF ACCESS CONTROL LIST

There are two types of ACL. They are:

1. Standard ACL
2. Extended ACL

A standard ACL is based only on the source IP address of the packet. Using a standard ACL we can either block or permit traffic from one specific source IP or network. An extended ACL allows us to control traffic on the basis of source IP, destination IP, protocol and port number.

Configure Standard ACL in a CISCO Router

To configure a standard ACL, we can use the command below.

access-list 10 permit 192.168.1.0 0.0.0.255

Let us break this command down.

The command to create an ACL is access-list [ID] [permit/deny] [Source IP] [Wildcard mask]. In a wildcard mask a 0 bit means the corresponding address bit must match and a 1 bit means it is ignored, so 0.0.0.255 makes this rule match every host in 192.168.1.0/24.

The standard ACL ID can be in the range of 1 to 99.

Configure Extended ACL

To configure an extended ACL we can use the command shown below.

access-list 109 permit tcp 30.30.2.0 0.0.0.255 any eq 80

Here we are creating a rule to permit TCP traffic from any host in 30.30.2.0/24 to any destination IP address, as long as the destination port is 80 (HTTP).

For an extended ACL the ID can range from 100 to 199.
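To make the behaviour described above concrete (wildcard masks, the standard/extended ID ranges, first-match evaluation and the implicit deny at the end of every list), here is a small simulator that parses `access-list` lines in the two forms shown in this post and evaluates packets against them. It is an added example written for this page, not Cisco code and not part of the original post; the `Rule` class, `parse_rule` and `evaluate` names, and all packet values, are constructed for the demonstration.

```python
"""Simulate how a router evaluates a numbered IOS-style access list.

Added example for this post (not Cisco's implementation). It handles the two
forms shown in the post:
  access-list <1-99>   <permit|deny> <src> <wildcard>
  access-list <100-199> <permit|deny> <proto> <src> <wildcard>|any <dst> <wildcard>|any [eq <port>]
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "ip" (standard ACL, any protocol), "tcp", "udp", ...
    src: str               # "a.b.c.d w.x.y.z" or "any"
    dst: str               # "a.b.c.d w.x.y.z" or "any" (always "any" for standard ACLs)
    dport: Optional[int]   # destination port from "eq <port>", else None


def wildcard_match(addr: str, spec: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is 'don't care'."""
    if spec == "any":
        return True
    base, wild = spec.split()
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wild))
    care = ~w & 0xFFFFFFFF           # bits that must be equal
    return (a & care) == (b & care)


def _addr(tok: List[str], i: int) -> Tuple[str, int]:
    """Consume 'any' or '<addr> <wildcard>' starting at tok[i]."""
    if tok[i] == "any":
        return "any", i + 1
    return f"{tok[i]} {tok[i + 1]}", i + 2


def parse_rule(line: str) -> Rule:
    """Parse one 'access-list ...' line; the ID decides standard vs extended."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list line: {line!r}")
    acl_id, action = int(tok[1]), tok[2]
    if 1 <= acl_id <= 99:                    # standard ACL: source only
        src, _ = _addr(tok, 3)
        return Rule(action, "ip", src, "any", None)
    if 100 <= acl_id <= 199:                 # extended ACL: proto, src, dst, optional port
        proto = tok[3]
        src, i = _addr(tok, 4)
        dst, i = _addr(tok, i)
        dport = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
        return Rule(action, proto, src, dst, dport)
    raise ValueError(f"ACL id {acl_id} is outside the numbered ranges 1-99 / 100-199")


def evaluate(rules: List[Rule], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Top-down, first match wins; an unmatched packet hits the implicit deny."""
    for r in rules:
        if r.proto != "ip" and r.proto != proto:
            continue
        if not wildcard_match(src, r.src) or not wildcard_match(dst, r.dst):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "deny"                            # implicit 'deny any' at the end


# Constructed sample lists: the two commands from the post, plus a two-line
# standard list that shows why rule order matters.
STANDARD_10 = [parse_rule("access-list 10 permit 192.168.1.0 0.0.0.255")]
EXTENDED_109 = [parse_rule("access-list 109 permit tcp 30.30.2.0 0.0.0.255 any eq 80")]
ORDERED_11 = [parse_rule("access-list 11 deny 10.0.0.5 0.0.0.0"),
              parse_rule("access-list 11 permit 10.0.0.0 0.0.0.255")]
SHADOWED_11 = list(reversed(ORDERED_11))     # same two rules, deny placed second

if __name__ == "__main__":
    print(evaluate(STANDARD_10, "tcp", "192.168.1.77", "8.8.8.8", 22))      # permit
    print(evaluate(STANDARD_10, "tcp", "192.168.2.5", "8.8.8.8", 22))       # deny (implicit)
    print(evaluate(EXTENDED_109, "tcp", "30.30.2.17", "8.8.8.8", 80))       # permit
    print(evaluate(EXTENDED_109, "tcp", "30.30.2.17", "8.8.8.8", 443))      # deny
    print(evaluate(ORDERED_11, "ip", "10.0.0.5", "8.8.8.8"))                # deny
    print(evaluate(SHADOWED_11, "ip", "10.0.0.5", "8.8.8.8"))               # permit: deny is shadowed
```

The `ORDERED_11` versus `SHADOWED_11` comparison is the practical lesson behind "the top rule which matches will operate": a specific deny placed below a broader permit never fires, so host-level exceptions must come before the network-wide rule.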
