Access control lists (ACLs) are used to filter network traffic by defining rules for permitting or denying traffic through router interfaces. There are two main types of ACLs - standard ACLs check only the source IP address, while extended ACLs can check both source and destination addresses as well as protocol and port information. ACLs can be configured using numbers or names and applied inbound or outbound on an interface to implement traffic control, security, and performance improvements.
Naveen Patel: Access Control List (ACL)

ACLs are basically a set of commands, grouped together by a number or name, that are used to filter traffic entering or leaving an interface. ACL commands define specifically which traffic is permitted and which is denied. Thus ACLs are statements that specify the conditions for how the router handles the traffic flow through specified interfaces.

There are many reasons to create ACLs. ACLs can be used to:
Limit network traffic and increase network performance
Provide traffic flow control
Provide a basic level of security for network access
Decide which types of traffic are forwarded or blocked at the router interfaces
Packet filtering
ACLs operate in two ways:

Inbound ACLs: Incoming packets are processed before they are routed to an outbound interface. An inbound ACL is efficient because it saves the overhead of routing lookups if the packet will be discarded after it is denied by the filtering tests.

Outbound ACLs: Incoming packets are routed to the outbound interface and then processed through the outbound ACL.

The types of ACLs can be classified as follows:
Standard ACL
Extended ACL

Two methods are used to identify Standard and Extended ACLs:
Numbered ACLs
Named ACLs
Standard ACLs: Standard IP ACLs check the source addresses of packets that can be routed. The result either permits or denies the output for an entire protocol suite, based on the source network, subnet, or host IP address.

Extended ACLs: Extended IP ACLs check both the source and destination packet addresses. They can also check for specific protocols, port numbers, and other parameters.

Named ACLs: These use a descriptive name or number for identification.

Standard Access List
The access-list number range is 1-99 and 1300-1999.
Can block a network, host or subnet.
Two-way communication is stopped.
All services are blocked.
Implemented closest to the destination (guideline).
Checks the source IP address.
[Figure: Standard Access List example]

Extended Access List
The access-list number range is 100-199 and 2000-2699 (the slide gives 1300-1999, which is the expanded range for standard lists).
Can block a network, host, subnet or service.
One-way communication is stopped.
Selected services can be blocked.
Checks source and destination IP address and port number.
Implemented closest to the source (guideline).
[Figure: Extended Access List example]

[Figure: ACL Evaluation flow]

ACL Configuration Guidelines
Standard or Extended indicates what can be filtered.
One ACL per interface, per protocol, per direction is allowed.
The order of ACL statements controls testing: place the most restrictive statement at the top of the list.
There is an implicit "deny any" statement as the last access-list test.
Every list needs at least one permit statement.
Create ACLs before applying them to an interface.
ACLs filter traffic going through the router; they do not apply to traffic originating from the router.
ACL Wildcard Masking
Address filtering occurs when you use ACL address wildcard masking to identify how to check or ignore corresponding IP address bits.
A 0 in a bit position of the ACL mask indicates that the corresponding bit in the address must be matched.
A 1 in a bit position of the ACL mask indicates that the corresponding bit in the address is not interesting and can be ignored.
Creating a Standard Numbered ACL
Router(config)# access-list number permit|deny source_IP_address [wildcard_mask]

Activating an ACL
Router(config)# interface type [slot_#]
Router(config-if)# ip access-group ACL_number in|out
Creating a Standard Named ACL
Router(config)# ip access-list standard name
Router(config-std-nacl)# [sequence-number] deny|permit source [wildcard]
Router(config-std-nacl)# exit
Creating an Extended Named ACL
Router(config)# ip access-list extended name
Router(config-ext-nacl)# [sequence-number] {deny | permit} protocol source source-wildcard destination destination-wildcard [option]
Router(config-ext-nacl)# exit
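The configuration guidelines (sequential first-match order, the implicit "deny any", the most restrictive statement first), the wildcard-masking rules and the statement syntax above can all be exercised in a small simulator. The following Python is an added example, not code from the slides or from Cisco IOS: it parses standard and extended statements in the syntax the slides show (optional sequence number, `host`, `any`, an address with wildcard, and a numeric `eq` port), evaluates constructed packets against them, and reports statements that an earlier statement makes unreachable. The sample access lists and packets are constructed for illustration; only numeric ports and the `eq` operator are handled.

```python
"""Added example (not from the original deck): a simulator for Cisco IOS-style
ACL evaluation. Sample ACLs and packets below are constructed for illustration."""
import ipaddress


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def wildcard_match(addr, network, wildcard):
    """A 0 bit in the wildcard means the address bit must equal the network bit;
    a 1 bit means that bit is ignored ('not interesting' in the slides)."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(network) & care)


def _parse_addr(tokens, i, require_wildcard):
    """Consume 'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W'. In a standard ACL the
    wildcard may be omitted, in which case the address is treated as one host."""
    tok = tokens[i]
    if tok == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tok == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    if require_wildcard or (i + 1 < len(tokens) and _is_ipv4(tokens[i + 1])):
        return (tok, tokens[i + 1]), i + 2
    return (tok, "0.0.0.0"), i + 1


def parse_entry(line, extended):
    """Turn one access-list statement into a dict. Only numeric 'eq' ports are handled."""
    tokens = line.split()
    i = 1 if tokens[0].isdigit() else 0          # optional sequence number (named ACLs)
    action = tokens[i]
    if action not in ("permit", "deny"):
        raise ValueError("expected permit|deny in: " + line)
    i += 1
    if not extended:                             # standard ACL: source address only
        src, i = _parse_addr(tokens, i, require_wildcard=False)
        return {"action": action, "protocol": "ip", "src": src,
                "dst": ("0.0.0.0", "255.255.255.255"), "port": None}
    protocol = tokens[i]
    src, i = _parse_addr(tokens, i + 1, require_wildcard=True)
    dst, i = _parse_addr(tokens, i, require_wildcard=True)
    port = None
    if i < len(tokens) and tokens[i] == "eq":
        port = int(tokens[i + 1])
    return {"action": action, "protocol": protocol, "src": src, "dst": dst, "port": port}


def parse_acl(lines, extended):
    return [parse_entry(line, extended) for line in lines]


def evaluate(entries, packet):
    """Sequential first-match evaluation; a packet matching no statement hits the
    implicit 'deny any' at the end of every list."""
    for e in entries:
        if e["protocol"] not in ("ip", packet["protocol"]):
            continue
        if not wildcard_match(packet["src"], *e["src"]):
            continue
        if not wildcard_match(packet["dst"], *e["dst"]):
            continue
        if e["port"] is not None and e["port"] != packet.get("dport"):
            continue
        return e["action"]
    return "deny"


def _covers(outer, inner):
    """True if every address matched by (network, wildcard) 'inner' is also matched by 'outer'."""
    on, ow = _to_int(outer[0]), _to_int(outer[1])
    inn, iw = _to_int(inner[0]), _to_int(inner[1])
    return (iw & ~ow) == 0 and ((on ^ inn) & ~ow & 0xFFFFFFFF) == 0


def shadowed(entries):
    """Indices of statements that can never match because an earlier statement
    already covers all of their traffic: the ordering mistake the guidelines warn about."""
    result = []
    for j, later in enumerate(entries):
        for earlier in entries[:j]:
            if (earlier["protocol"] in ("ip", later["protocol"])
                    and earlier["port"] in (None, later["port"])
                    and _covers(earlier["src"], later["src"])
                    and _covers(earlier["dst"], later["dst"])):
                result.append(j)
                break
    return result


# Constructed sample lists (hypothetical, not from the deck)
STANDARD_ACL = ["deny 10.0.0.5", "permit 10.0.0.0 0.0.0.255"]
MISORDERED_ACL = ["permit any", "deny 10.0.0.5"]      # the deny can never be reached
EXTENDED_ACL = [
    "10 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 eq 80",
    "20 deny ip any host 10.0.0.5",
    "30 permit ip any any",
]

if __name__ == "__main__":
    std = parse_acl(STANDARD_ACL, extended=False)
    for src in ("10.0.0.5", "10.0.0.6", "172.16.0.1"):
        print(src, evaluate(std, {"protocol": "ip", "src": src, "dst": "10.1.1.1"}))
    print("shadowed in misordered list:", shadowed(parse_acl(MISORDERED_ACL, extended=False)))
    ext = parse_acl(EXTENDED_ACL, extended=True)
    print(evaluate(ext, {"protocol": "tcp", "src": "192.168.1.7", "dst": "10.0.0.5", "dport": 22}))
```

Running it shows 172.16.0.1 being denied by the standard list even though no statement names it (the implicit deny), the second statement of MISORDERED_ACL reported as unreachable because "permit any" precedes it, and an SSH packet to 10.0.0.5 falling through statement 10 (port mismatch) to the deny in statement 20. The `_covers` check also illustrates the bit semantics of wildcard masks: a later statement is only fully shadowed when it ignores no bit that the earlier statement checks.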
Activating an ACL
Router(config)# interface type [slot_#]
Router(config-if)# ip access-group {ACL_number | ACL_name} in|out

Summary
Access lists offer a powerful tool for network control. These lists add the flexibility to filter the packet flow into or out of router interfaces. Such control can help limit network traffic and restrict network use by certain users or devices. An IP access list is a sequential list of permit and deny conditions that apply to IP addresses or upper-layer IP protocols. Access lists filter traffic going through the router, but they do not filter traffic originated by the router. Access lists are optional mechanisms in Cisco IOS software that you can configure to filter or test packets to determine whether to forward them to their destination or discard them.
Inbound access lists process incoming packets before they are routed to an outbound interface, while outbound access lists process packets after they have been routed to an outbound interface. The Cisco IOS software executes access list statements in sequential order, so the first statement is processed, then the next, and so on. Address filtering occurs using access list address wildcard masking to identify how to check or ignore corresponding IP address bits.