An Access Control List (ACL) is an ordered set of rules that controls which packets are allowed through a device in a computer network. Beyond plain traffic control, ACLs play a big role in network security: they block unauthorized packet flows and restrict access based on source address, destination address and port number. The list is evaluated top down, which is what keeps the rules free of contradictions: the first rule that matches a packet is applied and the remaining rules are ignored. A packet that matches no rule is dropped by the implicit "deny any" at the end of every list. Here let us discuss the major uses and types of Access Control Lists.
Uses
The major uses of ACLs by network administrators are to control Telnet (and SSH) access to the router's VTY lines and to filter packets with rules written on the basis of the source IP address.
- Control vty access into a router
- Filter traffic passing through the router (an outbound ACL does not filter traffic the router itself generates)
Types
There are two types of Access Control List. They are:
- Standard ACL
- Extended ACL
A standard ACL matches only the source IP address of the packet. With a standard ACL we can either permit or deny traffic from a specific source host or network. An extended ACL lets us control traffic based on source IP, destination IP, protocol and port number. Now let us check how to control packet movements in a network using these rules.
Configure Standard ACL on a Cisco router
To configure a standard ACL on a Cisco router, use the command below. This is the format of the command; an example follows.
access-list [ID] [permit|deny] [source address] [wildcard mask]
Now let us check an example. I am creating an access list with ID 10 that permits packets from the 192.168.1.0/24 network. The wildcard mask 0.0.0.255 is the inverse of a subnet mask: 0 bits in the mask must match the address exactly and 1 bits are ignored, so the rule matches any source 192.168.1.x. To write such a rule, refer to the command below.
access-list 10 permit 192.168.1.0 0.0.0.255
Now let us check some important points while writing a standard ACL rule.
- The standard Access Control List ID can be in the range 1 to 99 (or 1300 to 1999, the expanded range).
- The rule is matched on the source IP address only.
- You can either permit or deny matching packets; anything not matched by any rule is denied by the implicit deny at the end.
- The list does nothing until it is applied: with ip access-group on an interface, or with access-class on the vty lines.
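The following is an added worked example, not configuration from the original page: it applies the page's ACL 10 to an interface and adds a second standard ACL that limits vty (Telnet/SSH) access to a single management host, which is the "control vty access" use case mentioned above. The interface name GigabitEthernet0/1 and the management host 192.168.1.10 are assumptions for illustration.

```cisco
! Added example (not from the original page): the page's ACL 10 applied to an
! interface, plus a second standard ACL that limits vty (Telnet/SSH) access to
! one management host. The interface name GigabitEthernet0/1 and the host
! 192.168.1.10 are assumptions for illustration.
configure terminal
!
! ACL 5: only the management host may open a session to the vty lines.
! 'host 192.168.1.10' is shorthand for '192.168.1.10 0.0.0.0'.
access-list 5 remark Management access to vty lines
access-list 5 permit host 192.168.1.10
! Explicit final deny with 'log' so that rejected login attempts appear in
! syslog and in the counters of 'show access-lists'; it matches exactly what
! the implicit deny would have matched anyway.
access-list 5 deny   any log
!
! vty access is controlled with access-class, not ip access-group.
! 'in' filters sessions arriving at the router.
line vty 0 4
 access-class 5 in
!
! ACL 10 from the page: permit the whole 192.168.1.0/24 network. Every other
! source hits the implicit 'deny any' at the end of the list.
access-list 10 remark Hosts allowed out of Gi0/1
access-list 10 permit 192.168.1.0 0.0.0.255
!
! A standard ACL only sees the source address, so place it close to the
! destination: here outbound on the interface the traffic leaves through.
! The list has no effect until it is bound to an interface like this.
interface GigabitEthernet0/1
 ip access-group 10 out
end
!
! Verify: per-rule match counters and the interface binding.
show access-lists
show ip interface GigabitEthernet0/1 | include access list
```

After a few connection attempts, the match counters shown by show access-lists confirm which line each packet hit; a growing count on the deny line of ACL 5 is a quick way to spot login attempts from hosts that are not supposed to manage the router.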
Configure Extended ACL
An extended ACL is more flexible than a standard ACL because it matches more fields: source IP, destination IP, the protocol (ip, tcp, udp, icmp) and port numbers. To configure a rule, we can use the command given below.
access-list 109 permit tcp 30.30.2.0 0.0.0.255 any eq 80
Here we are creating a rule that permits TCP traffic from the 30.30.2.0/24 network to any destination IP address on destination port 80 (HTTP); "eq 80" placed after the destination matches the destination port, while placed after the source it would match the source port. Extended ACL IDs are numbered 100 to 199 (or 2000 to 2699 in the expanded range). Because of the implicit deny, a list containing only this rule blocks all other traffic once applied, including DNS, so permits must be added for whatever else the hosts need.
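The following is an added worked example, not configuration from the original page: it builds the page's ACL 109 out into a usable web-access policy and applies it inbound where the 30.30.2.0/24 traffic enters the router. The blocked host 30.30.2.77, the DNS server 10.10.10.53 and the interface name GigabitEthernet0/0 are assumptions for illustration.

```cisco
! Added example (not from the original page): the page's ACL 109 built out into
! a usable web-access policy and applied inbound where the 30.30.2.0/24
! traffic enters the router. The blocked host 30.30.2.77, the DNS server
! 10.10.10.53 and the interface name GigabitEthernet0/0 are assumptions.
configure terminal
!
! Named-mode configuration of the numbered list: unlike the global
! 'access-list 109 ...' form, it allows single lines to be removed or
! inserted by sequence number instead of deleting the whole list.
ip access-list extended 109
 remark Web access policy for 30.30.2.0/24
 remark Order matters: first match wins, so the host-specific denies must
 remark come before the network-wide permits or they would never be reached.
 deny   tcp host 30.30.2.77 any eq 80
 deny   tcp host 30.30.2.77 any eq 443
 permit tcp 30.30.2.0 0.0.0.255 any eq 80
 permit tcp 30.30.2.0 0.0.0.255 any eq 443
 remark Clients need name resolution too; without this line the implicit
 remark deny would silently break DNS and with it the web access above.
 permit udp 30.30.2.0 0.0.0.255 host 10.10.10.53 eq 53
 remark Explicit final deny with log so dropped packets show in syslog and
 remark in the match counters; it matches exactly what the implicit deny would.
 deny   ip any any log
!
! An extended ACL matches on destination too, so apply it close to the
! source: inbound on the interface where the traffic enters the router.
interface GigabitEthernet0/0
 ip access-group 109 in
end
!
show access-lists 109
```

When testing, watch the counters on the final deny line: if legitimate traffic stops working after the list is applied, that line is usually where it is being dropped, and the protocol and port of the missing permit can be read from the logged entries.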
Further Readings
- Virtual Router Redundancy Protocol
- Dynamic Host Configuration Protocol
- Presentation Layer
- Fiber Distributed Data Interface