Access Control List

Uploaded by zubairzaidi303

NS3EDU

Access control list (ACL)

An access control list (ACL) secures a network. Access lists work at layer 3 and layer 4 of the OSI reference model.

ACL does two things-

1- Filtering
2- Classification

Filtering- Filtering is used to permit or deny traffic, for example blocking an IPv4 host or subnet.

Classification- Classification does not drop IP packets; it only selects (matches) traffic.

Example- TCP, UDP, Telnet, SSH, HTTP, ICMP….

Access list control operation-

There are 7 steps in ACL operation.

ACLs provide these functions-

1- Limit network traffic to increase network performance
2- Provide traffic control
3- Provide a basic level of security
4- Filter traffic based on traffic type
5- Permit and deny a host, subnet, network and traffic
Types of access control list-

1- Standard access list
2- Extended access list
3- Named access list

1- Standard access list-

- A standard access list is very basic since it can only check the source IP address.
- Number range of standard ACLs: 1-99 or 1300-1999.
- Stops communication in one direction only.
- Implement closest to the destination router.

2- Extended access list-

- Number range of extended ACLs: 100-199 or 2000-2699.
- Stops communication in both directions.
- Checks both layer-3 and layer-4 fields (IP address, subnet, protocol).
- Implement closest to the source router.

3- Named access list-

- Named ACLs use a name instead of a number.
- Named ACLs can be either standard or extended.
- Named ACLs allow individual statements to be deleted and new statements to be added.

Wildcard Mask-

- A wildcard mask is the inverse of a subnet mask.
- A 0 bit means "match this bit", a 1 bit means "ignore this bit".
- It is a 32-bit binary value, e.g. 0.0.0.255.

Some examples of wildcard masks-

Class    Subnet mask      Wildcard mask
Class A  255.0.0.0        0.255.255.255
Class B  255.255.0.0      0.0.255.255
Class C  255.255.255.0    0.0.0.255

ACL Terminology-

Deny- Block a network, subnet, host, service


Permit- Allow a network, subnet, host, service

Source address- The address from which the request starts

Destination address- The address at which the request ends

Inbound- Traffic coming into the interface

Outbound- Traffic going out of the interface

Protocol- TCP, UDP, ICMP

Services- HTTP, FTP, TELNET, DNS, DHCP….

Operators- These are keywords used in ACL statements.

- "host" is equal to wildcard mask 0.0.0.0 (all bits are matched)
- "any" is equal to wildcard mask 255.255.255.255 (all bits are ignored)
- "eq" (equal to)
- "neq" (not equal to)
- "lt" (less than)
- "gt" (greater than)

Configure Access list-

1- Create the access list globally.
2- Apply the access list on an interface (inbound or outbound).
Verify Access list-

Delete Access list-

(Here 1 is the access list in above example)

Extended access list example-

To Block Telnet-

Apply access list on interface-
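The wildcard-mask rule (0 = match, 1 = ignore; host = 0.0.0.0, any = 255.255.255.255) and the permit/deny evaluation of the standard list 1 and the Telnet-blocking extended list above, as an added Python model that is not part of these notes. The addresses, list numbers and entries are constructed for illustration, the page's own IOS commands are not reproduced, and the model also applies the implicit deny that ends every Cisco ACL.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # keyword "any": every bit ignored

def wildcard_match(addr: str, ref: str, wildcard: str) -> bool:
    """Cisco wildcard match: a 0 bit in the mask must match, a 1 bit is ignored.
    "host" is wildcard 0.0.0.0 (all bits checked); "any" is 255.255.255.255."""
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(ref))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w & 0xFFFFFFFF) == (r & ~w & 0xFFFFFFFF)

def wildcard_from_subnet_mask(mask: str) -> str:
    """The wildcard mask is the bitwise inverse of the subnet mask."""
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(m ^ 0xFFFFFFFF))

# Entry layout: (action, protocol, (src, src_wildcard), (dst, dst_wildcard), port_test)
# Constructed standard list 1: deny one subnet, permit everything else (source only).
STANDARD_ACL_1 = [
    ("deny", "ip", ("192.168.1.0", "0.0.0.255"), ANY, None),
    ("permit", "ip", ANY, ANY, None),
]
# Constructed extended list 100: block Telnet (TCP port 23), allow the rest.
EXTENDED_ACL_100 = [
    ("deny", "tcp", ANY, ANY, ("eq", 23)),
    ("permit", "ip", ANY, ANY, None),
]

OPERATORS = {"eq": lambda p, v: p == v, "neq": lambda p, v: p != v,
             "lt": lambda p, v: p < v, "gt": lambda p, v: p > v}

def evaluate(acl, src: str, dst: str, proto: str = "ip", dport=None) -> str:
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, p, (s, sw), (d, dw), port_test in acl:
        if p != "ip" and p != proto:          # "ip" matches any protocol
            continue
        if not (wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)):
            continue
        if port_test is not None:
            op, value = port_test
            if dport is None or not OPERATORS[op](dport, value):
                continue
        return action
    return "deny"                              # implicit deny at end of every ACL
```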
