ACL Concepts - Coggle Diagram
PURPOSE OF ACLS
Routers and ACLs Overview
- Routing Decisions: Based on packet header information; the routing table is searched for the best match
- Packet Forwarding: Compares the destination IP address with the routes in the table and forwards accordingly
- Access Control List (ACL): Filters packets using IOS commands
-- Default State: No ACLs are configured initially
-- Function: Evaluates packets at the interface to determine whether they are eligible for forwarding
- Access Control Entries (ACEs): Sequential permit/deny statements used for filtering
- Packet Filtering: Compares packet information against the ACEs, in order, to find a match
WILDCARD MASKS IN ACLS
Wildcard Masks Overview
Also used by the OSPF routing protocol; they resemble subnet masks but the bit meanings are inverted
- Matching Process: ANDing identifies which bits of an IPv4 address must be compared
Key Differences
- Subnet Mask
Binary 1 = MATCH
Binary 0 = NO MATCH
- Wildcard Mask
Bit 0: Match the corresponding bit value
Bit 1: Ignore the corresponding bit value
Calculation
Calculating wildcard masks can be challenging. One shortcut method is to subtract the subnet mask from 255.255.255.255. Refer to the examples to learn how to calculate the wildcard mask using the subnet mask.
Wildcard Mask Keywords
Simplify wildcard mask usage in Cisco IOS, reducing keystrokes and improving readability
Keywords
- Host
Represents the 0.0.0.0 mask
Requires all IPv4 address bits to match (filters a single host)
- Any
Represents the 255.255.255.255 mask
Ignores the entire IPv4 address (accepts any address)
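An added example (not part of the Coggle diagram) that works through the wildcard-mask rules above and the in-order ACE evaluation from the overview: it derives a wildcard mask with the 255.255.255.255 shortcut, matches an address bit-by-bit (bit 0 compare, bit 1 ignore), expands the host and any keywords, and evaluates a small constructed standard ACL top-down. The ACE syntax and sample addresses are constructed for illustration; the implicit deny at the end of the list is standard IOS behaviour not spelled out on the diagram.

```python
import ipaddress


def wildcard_from_subnet_mask(subnet_mask: str) -> str:
    """Shortcut from the notes: wildcard mask = 255.255.255.255 - subnet mask."""
    mask = int(ipaddress.IPv4Address(subnet_mask))
    return str(ipaddress.IPv4Address(0xFFFFFFFF - mask))


def wildcard_match(address: str, network: str, wildcard: str) -> bool:
    """Wildcard bit 0 = address bit must match; bit 1 = bit is ignored."""
    a = int(ipaddress.IPv4Address(address))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    care = 0xFFFFFFFF ^ w  # the bits the router actually compares
    return (a & care) == (n & care)


def parse_ace(line: str) -> tuple:
    """Parse a standard ACE: '<permit|deny> host A', '... any' or '... A W'.

    The keywords expand to the masks the notes list:
    host -> 0.0.0.0, any -> 255.255.255.255.
    """
    parts = line.split()
    action = parts[0]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in ACE: {line!r}")
    if parts[1] == "any":
        return action, "0.0.0.0", "255.255.255.255"
    if parts[1] == "host":
        return action, parts[2], "0.0.0.0"
    return action, parts[1], parts[2]


def evaluate_standard_acl(ace_lines, source_ip: str) -> str:
    """ACEs are checked top-down and the first match decides; if nothing
    matches, IOS applies the implicit deny that ends every ACL."""
    for line in ace_lines:
        action, network, wildcard = parse_ace(line)
        if wildcard_match(source_ip, network, wildcard):
            return action
    return "deny"


# Constructed sample ACL: block one host, then permit the rest of its subnet.
SAMPLE_ACL = ["deny host 192.168.10.10", "permit 192.168.10.0 0.0.0.255"]
```

Reversing the two ACEs lets the blocked host through, which is why ACE order matters when writing filters.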
TYPES OF IPV4 ACLS
Two Types
- Standard ACLs - These permit or deny packets based only on the source IPv4 address.
- Extended ACLs - These permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports and more.
Numbered and Named ACLs:
ACLs numbered 1 to 99, or 1300 to 1999, are standard ACLs, while ACLs numbered 100 to 199, or 2000 to 2699, are extended ACLs
Named ACLs
Named ACLs are the preferred method to use when configuring ACLs. Specifically, standard and extended ACLs can be named to convey the purpose of the ACL.
The following summarizes the rules to follow for named ACLs:
- Assign a name to identify the purpose of the ACL.
- Names can contain alphanumeric characters.
- Names cannot contain spaces or punctuation.
- It is suggested that the name be written in CAPITAL LETTERS.
- Entries can be added or deleted within the ACL.