Access Control List – why network admins use it in a network

An Access Control List (ACL) is an ordered set of rules that controls which packets are allowed through a computer network. Besides controlling traffic, ACLs play a big role in network security. Rules are evaluated from the top; the first rule whose condition matches the packet is applied and the remaining rules are ignored.
The major uses of ACLs by network administrators are:
1. Control vty access into a router
2. Filter traffic that originates from the router
Types of Access Control List
There are two types of ACL. They are:
1. Standard ACL
2. Extended ACL
A standard ACL matches only on the source IP address of the packet. Using a standard ACL we can either block or permit traffic from one specific source IP (or a range, using a wildcard mask). An extended ACL allows us to control traffic based on source IP, destination IP, protocol and port number.
Configure Standard ACL in a Cisco router
To configure Standard ACL, we can use the command below.
access-list 10 permit 192.168.1.0 0.0.0.255
Let us explain the command.
The syntax to create a standard ACL entry is access-list [ID] [permit|deny] [Source IP] [Wildcard mask]. The wildcard mask is the inverse of a subnet mask: a 1 bit means "do not care", so 0.0.0.255 matches every host in 192.168.1.0/24.
The standard ACL ID can be in the range of 1 to 99.
Configure Extended ACL
To configure an extended ACL we can use the command shown below.
access-list 109 permit tcp 30.30.2.0 0.0.0.255 any eq 80
Here we are creating a rule to permit TCP traffic from the 30.30.2.0/24 network to port 80 on any destination IP address.
For extended ACLs the ID is in the range 100 to 199.
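As an added example (not from the original post and not Cisco's own code), the following Python evaluator parses access-list lines in the syntax shown above and applies them the way IOS does: wildcard-mask matching, first match wins, and a packet that matches no line hits the implicit "deny any" at the end of every ACL. The sample ACL lines and packets are constructed for the demonstration; the evaluator models only the fields discussed on this page (source, destination, protocol and an "eq" destination port).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    """One access-list entry. Standard ACLs are stored with proto="ip",
    destination "any" and no port, so one evaluator serves both types."""
    acl_id: int
    action: str              # "permit" or "deny"
    proto: str               # "ip" = any protocol, otherwise "tcp"/"udp"/...
    src_net: int
    src_wild: int
    dst_net: int
    dst_wild: int
    dst_port: Optional[int]  # from "eq <port>", None if not given


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _parse_addr(t: List[str], i: int):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' at t[i].
    Returns (network, wildcard, index of the next token)."""
    if t[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if t[i] == "host":
        return _ip(t[i + 1]), 0, i + 2
    return _ip(t[i]), _ip(t[i + 1]), i + 2


def parse_acl_line(line: str) -> Rule:
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("not an access-list line: %r" % line)
    acl_id, action = int(t[1]), t[2]
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    if 1 <= acl_id <= 99:
        # Standard ACL: source only. A bare address with no mask means a single host.
        if t[3] in ("any", "host"):
            src, wild, _ = _parse_addr(t, 3)
        else:
            src = _ip(t[3])
            wild = _ip(t[4]) if len(t) > 4 else 0
        return Rule(acl_id, action, "ip", src, wild, 0, 0xFFFFFFFF, None)
    if 100 <= acl_id <= 199:
        proto = t[3]
        src, swild, i = _parse_addr(t, 4)
        dst, dwild, i = _parse_addr(t, i)
        port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        return Rule(acl_id, action, proto, src, swild, dst, dwild, port)
    raise ValueError("ACL number %d outside the standard/extended ranges" % acl_id)


def load_acl(lines: List[str]) -> List[Rule]:
    return [parse_acl_line(l) for l in lines]


def wildcard_match(addr: int, net: int, wild: int) -> bool:
    # A set wildcard bit means "do not care"; only the zero bits are compared.
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (net & care)


def evaluate(rules: List[Rule], src: str, dst: str,
             proto: str = "ip", dst_port: Optional[int] = None) -> str:
    """Return 'permit' or 'deny' for one packet. Rules are tried top to bottom
    and the first match decides; no match falls through to the implicit deny."""
    s, d = _ip(src), _ip(dst)
    for r in rules:
        if r.proto != "ip" and r.proto != proto:
            continue
        if not wildcard_match(s, r.src_net, r.src_wild):
            continue
        if not wildcard_match(d, r.dst_net, r.dst_wild):
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.action
    return "deny"  # implicit "deny any" at the end of every IOS ACL


# Constructed sample ACLs: a standard list that blocks one host before permitting
# its subnet (order matters), and the extended line from the article.
STANDARD_ACL = load_acl([
    "access-list 10 deny host 192.168.1.10",
    "access-list 10 permit 192.168.1.0 0.0.0.255",
])
EXTENDED_ACL = load_acl([
    "access-list 109 permit tcp 30.30.2.0 0.0.0.255 any eq 80",
])

if __name__ == "__main__":
    print(evaluate(STANDARD_ACL, "192.168.1.10", "10.0.0.1"))             # deny (first match)
    print(evaluate(STANDARD_ACL, "192.168.1.77", "10.0.0.1"))             # permit
    print(evaluate(STANDARD_ACL, "192.168.2.5", "10.0.0.1"))              # deny (implicit)
    print(evaluate(EXTENDED_ACL, "30.30.2.15", "8.8.8.8", "tcp", 80))     # permit
    print(evaluate(EXTENDED_ACL, "30.30.2.15", "8.8.8.8", "tcp", 443))    # deny (implicit)
```

The two standard-ACL lines show why rule order is the whole point of the first-match behaviour described at the top of the page: swapping them would let 192.168.1.10 through, because the permit for the /24 would match first and the deny would never be reached.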
