Module 4: ACL Concepts
4.1 Purpose of ACLs
An ACL determines which packets are allowed or denied based on criteria such as source IP, destination IP, protocol, or port number.
ACLs help in filtering traffic, restricting access to sensitive resources, and managing network performance.
Types of ACLs:
Standard ACLs: Filter based only on source IP address.
Extended ACLs: Filter based on source/destination IP, protocol, or port numbers.
Standard ACLs filter traffic only by the source IPv4 address, making them simpler but less precise. Extended ACLs allow filtering by source address, destination address, protocol, and ports, which provides more flexibility and detailed control. Both types always end with an implicit “deny any” that blocks all traffic not explicitly permitted.
Numbered ACLs are identified with specific numeric ranges, where lower ranges define standard ACLs and higher ranges define extended ACLs. Named ACLs use descriptive names instead of numbers, making them easier to understand and manage, especially in larger networks, and they are generally preferred in modern configurations.
ACLs must be placed where they provide the most efficient filtering. Extended ACLs are positioned close to the source of traffic because they are very specific and can block unwanted traffic before it consumes bandwidth. Standard ACLs are positioned close to the destination because they are less precise and placing them too early might block valid traffic intended for other destinations.
The goal is to filter traffic from 192.168.10.0/24 so it only reaches 192.168.30.0/24, but not 192.168.31.0/24.
Placing the ACL inbound on R3 S0/1/1 would block all traffic from 192.168.10.0/24, including unwanted networks.
The best option is to place the ACL outbound on R3 G0/0, because it filters only traffic going to 192.168.30.0/24 without affecting other destinations.
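As an added illustration (not part of the original notes), this Python sketch models first-match ACL evaluation with wildcard masks and the implicit deny, using the networks from the scenario above to show why a standard ACL cannot tell 192.168.30.0/24 from 192.168.31.0/24 while an extended ACL can. The host addresses, the HTTPS-only entry and all function names are constructed for the example.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # all-ones wildcard: every bit is ignored
NET10 = ("192.168.10.0", "0.0.0.255")  # 192.168.10.0/24 written as a wildcard mask
NET30 = ("192.168.30.0", "0.0.0.255")  # 192.168.30.0/24

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard mask leaves at 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def entry_matches(entry, pkt):
    """Criteria an entry does not specify match anything (standard ACL: source only)."""
    if not wildcard_match(pkt["src"], *entry["src"]):
        return False
    if not wildcard_match(pkt["dst"], *entry.get("dst", ANY)):
        return False
    if entry.get("proto", "ip") not in ("ip", pkt["proto"]):
        return False
    return entry.get("dport") in (None, pkt.get("dport"))

def evaluate(acl, pkt):
    """The first matching entry decides; no match falls through to the implicit deny."""
    for entry in acl:
        if entry_matches(entry, pkt):
            return entry["action"]
    return "deny"  # implicit "deny any" at the end of every ACL

# Constructed ACLs: one standard (source only), two extended.
STANDARD = [{"action": "permit", "src": NET10}]
EXTENDED = [{"action": "permit", "proto": "ip", "src": NET10, "dst": NET30}]
EXTENDED_HTTPS = [{"action": "permit", "proto": "tcp", "src": NET10,
                   "dst": NET30, "dport": 443}]

def packet(src, dst, proto="tcp", dport=443):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    acls = {"standard": STANDARD, "extended": EXTENDED, "extended-https": EXTENDED_HTTPS}
    samples = [packet("192.168.10.10", "192.168.30.20"),            # constructed hosts
               packet("192.168.10.10", "192.168.31.20"),
               packet("192.168.10.10", "192.168.30.20", dport=22),
               packet("192.168.11.10", "192.168.30.20")]
    for name, acl in acls.items():
        for pkt in samples:
            print(f"{name:15} {pkt['src']} -> {pkt['dst']}:{pkt['dport']} "
                  f"{evaluate(acl, pkt)}")
```

The standard ACL permits the 192.168.10.0/24 host toward both destinations, while the extended entries permit only the 192.168.30.0/24 flow and leave everything else to the implicit deny.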
Limited Number of ACLs per Interface