Please enable JavaScript.

Coggle requires JavaScript to display documents.

ACL Concepts - Coggle Diagram

- - - - The following summarizes the rules to follow for named ACLs.
      - Assign a name to identify the purpose of the ACL.
      - Names can contain alphanumeric characters.
      - Names cannot contain spaces or punctuation.
      - It is suggested that the name be written in CAPITAL LETTERS.
      - Entries can be added or deleted within the ACL.
  - - - R3 G0/0 interface (outbound) - The standard ACL can be applied outbound on the R3 G0/0/0 interface. This will not affect other networks that are reachable by R3. Packets from.10 network will still be able to reach the.31 network. This is the best interface to place the standard ACL to meet the traffic requirements.
      - R3 S0/1/1 interface (inbound) - The standard ACL can be applied inbound on the R3 S0/1/1 interface to deny traffic from.10 network. However, it would also filter.10 traffic to the 192.168.31.0/24 (.31 in this example) network. Therefore, the standard ACL should not be applied to this interface.
  - - - R1 S0/1/0 interface (outbound) - The extended ACL can be applied outbound on the S0/1/0 interface. However, this solution will process all packets leaving R1 including packets from 192.168.10.0/24.
      - R1 G0/0/1 interface (inbound) - The extended ACL can be applied inbound on the G0/0/1 and only packets from the 192.168.11.0/24 network are subject to ACL processing on R1. Because the filter is to be limited to only those packets leaving the 192.168.11.0/24 network, applying the extended ACL to G0/1 is the best solution.
- - - - Inbound ACL: Filters packets before routing. Saves resources if discarded. Best when traffic only comes from that interface.
      - Outbound ACL: Filters packets after routing. Useful when the same filter applies to traffic from multiple inbound interfaces.
      - Process: Source address checked against ACEs in order; first match decides. If no match, packet is dropped due to implicit deny.
      - Note: An ACL must include at least one permit, otherwise all traffic is blocked.