Chapter 7 Access Control List
Access Control Lists provide security for a network.
What is ACL?
An ACL is a series of IOS commands that control whether a router forwards or drops packets based on information found in the packet header.
When configured, ACLs perform the following tasks:
ACLs can allow one host to access a part of the network and prevent another host from accessing the same area.
Limit network traffic to increase network performance.
Screen hosts to permit or deny access to network services. ACLs can permit or deny a user access to services such as FTP or HTTP.
Filter traffic based on traffic type. For example, an ACL can permit email traffic, but block all Telnet traffic.
Provide traffic flow control. ACLs can restrict the delivery of routing updates to ensure that the updates are from a known source.
When an ACL is applied to an interface, the router performs the additional task of evaluating all network packets as they pass through the interface to determine if the packet can be forwarded.
In addition to either permitting or denying traffic, ACLs can be used for selecting types of traffic to be analyzed, forwarded, or processed in other ways.
Packet Filtering
An ACL is a sequential list of permit or deny statements, known as access control entries (ACEs).
When network traffic passes through an interface configured with an ACL, the router compares the information within the packet against each ACE to determine if the packet matches one of the ACEs. This process is called packet filtering.
Packet filtering controls access to a network by analyzing the incoming and outgoing packets and forwarding them or discarding them based on given criteria. Packet filtering can occur at Layer 3 or Layer 4.
Standard ACLs only filter at Layer 3. Extended ACLs filter at Layer 3 and Layer 4.
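The following Python model, added here as an illustration and not taken from the chapter or from Cisco IOS itself, shows how the sequential ACE evaluation described above behaves: first match wins, a packet that matches no ACE hits the implicit deny at the end of the list, a standard ACL sees only the Layer 3 source address, and an extended ACL also checks destination, protocol and Layer 4 port. The ACLs and packets are constructed samples; the `Packet`, `ACE` and `evaluate` names are assumptions of this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str                     # source IPv4 address (Layer 3)
    dst: str                     # destination IPv4 address (Layer 3)
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port (Layer 4), if any


@dataclass(frozen=True)
class ACE:
    action: str                  # "permit" or "deny"
    src: str                     # source prefix, e.g. "192.168.10.0/24", or "any"
    dst: str = "any"             # destination prefix; only used by extended ACLs
    proto: str = "ip"            # "ip" matches every protocol; extended ACLs only
    dport: Optional[int] = None  # Layer 4 destination port; extended ACLs only


def _prefix_match(prefix: str, addr: str) -> bool:
    return prefix == "any" or ip_address(addr) in ip_network(prefix, strict=False)


def ace_matches(ace: ACE, pkt: Packet, extended: bool) -> bool:
    """A standard ACL compares only the source address; an extended ACL
    additionally compares destination, protocol and Layer 4 port."""
    if not _prefix_match(ace.src, pkt.src):
        return False
    if not extended:
        return True
    if not _prefix_match(ace.dst, pkt.dst):
        return False
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    return ace.dport is None or ace.dport == pkt.dport


def evaluate(acl: List[ACE], pkt: Packet, extended: bool) -> str:
    """Walk the ACEs in order; the first match decides. A packet that matches
    no ACE is dropped by the implicit deny that ends every Cisco IOS ACL."""
    for ace in acl:
        if ace_matches(ace, pkt, extended):
            return ace.action
    return "deny"


# Constructed sample ACLs mirroring the chapter's example: permit email (SMTP, TCP/25)
# from the LAN and block all Telnet (TCP/23); everything else falls to the implicit deny.
EXTENDED_ACL = [ACE("permit", "192.168.10.0/24", "any", "tcp", 25),
                ACE("deny", "any", "any", "tcp", 23)]
STANDARD_ACL = [ACE("permit", "192.168.10.0/24")]
```

Because evaluation stops at the first match, placing `ACE("permit", "any")` ahead of the Telnet deny would let Telnet through, which is why ACE order is reviewed as carefully as the ACEs themselves.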
ACL Operation
ACLs define the set of rules that give added control for packets that enter inbound interfaces, packets that relay through the router, and packets that exit outbound interfaces of the router. ACLs do not act on packets that originate from the router itself.
Inbound ACLs
Incoming packets are processed before they are routed to the outbound interface. An inbound ACL is efficient because it saves the overhead of routing lookups if the packet is discarded.
Outbound ACLs
Incoming packets are routed to the outbound interface, and then they are processed through the outbound ACL. Outbound ACLs are best used when the same filter will be applied to packets coming from multiple inbound interfaces before exiting the same outbound interface.