
Lecture - 19 - Network Security - ACLs

Access Control List (ACL) is a list of IP addresses and network IDs used for security, routing, and quality of service (QoS). There are two types of ACLs: Standard ACLs, which focus on source IP addresses, and Extended ACLs, which consider source and destination IP addresses along with the destination protocol. ACLs can be implemented in inbound or outbound directions on interfaces, with specific number ranges for standard (1-99) and extended (100-199) ACLs per router.

Uploaded by

m.haris5084

IP Traffic Management

With Access Control List (ACL)


What is ACL?
• ACL stands for Access Control List.
• ACL is a list of IP Addresses & Network IDs.
• ACL can be used for several purposes.
– For Security Purposes
– For Routing Purposes
– For Providing QoS
– Etc.

• First you define a Policy, and then implement it.


Types of ACL

Access Control List (ACL)
– Standard ACL
– Extended ACL

Standard ACL
• For Strict Policy
• Looks for Source IP Address

Extended ACL
• For Flexible Policy
• Looks for 3 Parameters:
1. Source IP Address
2. Destination IP Address
3. Destination Protocol (Port Number -> Protocol ID)


More about ACL
• ACL is defined in Global Configuration Mode of Cisco IOS.
• ACL is a tool/service and not a protocol.
• ACL can be implemented on:
– Interfaces
– Lines
– Processes

• ACL is defined and Implemented on Same Device.


How to Implement ACL?
• ACL can be implemented in two ways:
– Inbound
– Outbound

Notes
• The same ACL can be used in multiple places, but multiple ACLs cannot be implemented on the same place in the same direction.
• But two different ACLs can be used on the same place, one as Inbound and the other as Outbound.
– i.e. if the direction is the same, then no multiple ACLs on the same place. Otherwise you can use multiple ACLs in different directions.


Defining ACL
• An ACL is given a number when it is created.
• For Standard ACL the number range is 1 – 99.
– You can create 99 Standard ACLs per Router.

• For Extended ACL the number range is 100 – 199.
– You can create 100 Extended ACLs per Router.

• Note:
– You cannot implement Standard & Extended ACL on the same Interface.


Command for Defining ACL
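• Standard ACL:
R1(config)# access-list 20 deny 192.168.1.1 0.0.0.0
Or
R1(config)# access-list 20 deny host 192.168.1.1

• Extended ACL:
R1(config)# access-list 150 deny tcp 192.168.1.10 0.0.0.0 192.168.1.1 0.0.0.0 eq 23
– The port operator (eq 23, Telnet) follows the destination address so that it matches the destination port.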


Implementing ACL
• ACL is implemented on interfaces in Interface Mode.

R1(config)# int f0/0
R1(config-if)# ip access-group 150 out
Or
R1(config-if)# ip access-group 150 in
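
An added example (not from the original slides): a small Python model of how a router evaluates numbered ACL entries like the ones above, showing wildcard-mask matching, first-match order, and the implicit deny that ends every ACL. The `permit` entries and the names `parse` and `evaluate` are constructed for illustration; only the subset of IOS syntax used on these slides is parsed, with `eq 23` placed after the destination so that it matches the destination port.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse(line):
    """Parse one numbered 'access-list' line into a rule dict."""
    tok = line.split()
    num, action, rest = int(tok[1]), tok[2], tok[3:]
    rule = {"num": num, "action": action, "proto": None, "dst": None, "dport": None}
    if 100 <= num <= 199:                      # extended ACL: protocol comes first
        rule["proto"], rest = rest[0], rest[1:]
    rule["src"], rest = _addr(rest)
    if 100 <= num <= 199:                      # extended ACL: destination, then port
        rule["dst"], rest = _addr(rest)
        if rest[:1] == ["eq"]:
            rule["dport"] = int(rest[1])
    return rule

def _match(spec, ip):
    base, wild = spec
    # Wildcard bits set to 1 are ignored; bits set to 0 must match exactly.
    return (base | wild) == (_ip(ip) | wild)

def evaluate(rules, src, dst=None, proto=None, dport=None):
    """Return 'permit' or 'deny' for a packet; the first matching entry wins."""
    for r in rules:
        if (_match(r["src"], src)
                and (r["dst"] is None or _match(r["dst"], dst))
                and r["proto"] in (None, "ip", proto)
                and r["dport"] in (None, dport)):
            return r["action"]
    return "deny"                              # implicit deny at the end of every ACL

# Constructed sample ACLs: the deny entries follow the slides, the permits are added.
ACL_20 = [parse(l) for l in ("access-list 20 deny host 192.168.1.1",
                             "access-list 20 permit any")]
ACL_150 = [parse(l) for l in (
    "access-list 150 deny tcp 192.168.1.10 0.0.0.0 192.168.1.1 0.0.0.0 eq 23",
    "access-list 150 permit ip any any")]
```

Evaluating `ACL_150[:1]` (the deny entry alone) rejects all other traffic as well, because nothing matches before the implicit deny is reached.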

Thank you!
