Access Control Lists

This guide explains the functionality of access control lists and shows how to configure standard and extended access control lists.

General Information

ACLs are used to control network traffic on Cisco routers and switches. They are used to filter traffic based on source and destination IP addresses, protocols, and ports. ACLs can be used to block unwanted traffic, allow only specific traffic, or shape traffic to meet specific requirements. They are often used in conjunction with other security features such as firewalls and VPNs to provide a comprehensive security solution for a network. ACLs can be applied to interfaces on a router or switch to control inbound or outbound traffic. They are processed in the order in which they are configured, and the first match is applied. This means that the most specific rules should be placed at the top of the ACL, and the more general rules should be placed at the bottom.

General information in short
ACLs are rules that filter packets
ACLs contain access control entries
ACLs can be configured by a numbered or named method (the "remark" keyword attaches comments to the list)
ACLs can be attached to an interface either inbound or outbound
The lists are processed from top-down sequentially
Specific rules should be placed at the top, general rules at the bottom
The last entry is an implicit "deny any" statement in every ACL

ACLs are used to control the flow of network traffic in three ways:

Permit: Allows specific traffic to pass through the router or switch
Deny: Blocks specific traffic from passing through the router or switch
Implicit deny: Blocks all traffic that is not explicitly permitted by the ACL

Below is a brief comparison between standard and extended ACLs:

Variant       | ACL number ranges   | Filter capability     | Match traffic based on             | Best practice for placement
Standard ACLs | 1-99 & 1300-1999    | Only IP traffic       | Only source address information    | Closer to the traffic destination
Extended ACLs | 100-199 & 2000-2699 | IP & protocol traffic | Source and destination information | Closer to the traffic source
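As an added illustration of the points above (example code written for this guide, not the guide's own material and not Cisco software): a small Python model of how a numbered ACL is processed. It classifies a list as standard or extended by the number ranges in the comparison table, parses a subset of IOS access-list syntax (any, host, address/wildcard pairs, a single eq port qualifier, remark lines as comments), evaluates a packet top-down with first match and the implicit deny, and flags entries that an earlier, broader entry shadows, which is the mistake the "specific rules at the top" guidance prevents. The configuration text and all addresses are constructed for the example; the evaluator is a teaching model of the matching rules, not a reproduction of IOS behaviour.

```python
"""Toy evaluator for numbered Cisco IOS-style ACLs (constructed example, not the page's code)."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

RANGES = {"standard": ((1, 99), (1300, 1999)),     # number ranges from the table above
          "extended": ((100, 199), (2000, 2699))}

def acl_type(number):
    """Return 'standard' or 'extended' by number range; anything else is an error."""
    for kind, ranges in RANGES.items():
        if any(lo <= number <= hi for lo, hi in ranges):
            return kind
    raise ValueError(f"ACL number {number} is outside the standard/extended ranges")

ANY = (0, 0xFFFFFFFF)   # address specs are (address, wildcard); wildcard bit set = don't care

def _addr(t, i):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' starting at t[i]."""
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return (int(IPv4Address(t[i + 1])), 0), i + 2
    return (int(IPv4Address(t[i])), int(IPv4Address(t[i + 1]))), i + 2

def _addr_match(spec, ip):
    return (int(IPv4Address(ip)) & ~spec[1]) == (spec[0] & ~spec[1])

def _addr_covers(a, b):   # every address b matches is also matched by a
    return (b[1] & ~a[1]) == 0 and (b[0] & ~a[1]) == (a[0] & ~a[1])

def _port(t, i):          # optional 'eq PORT'; the only port operator supported here
    if i < len(t) and t[i] == "eq":
        return int(t[i + 1]), i + 2
    return None, i

@dataclass(frozen=True)
class Entry:
    action: str           # "permit" or "deny"
    proto: str            # "ip" matches every protocol
    src: tuple
    sport: Optional[int]
    dst: tuple
    dport: Optional[int]

    def matches(self, pkt):   # pkt keys: proto, src, dst and, for tcp/udp, sport/dport
        return (self.proto in ("ip", pkt["proto"])
                and _addr_match(self.src, pkt["src"]) and _addr_match(self.dst, pkt["dst"])
                and (self.sport is None or pkt.get("sport") == self.sport)
                and (self.dport is None or pkt.get("dport") == self.dport))

    def covers(self, other):  # every packet other would match, this entry matches first
        return (self.proto in ("ip", other.proto)
                and _addr_covers(self.src, other.src) and _addr_covers(self.dst, other.dst)
                and (self.sport is None or self.sport == other.sport)
                and (self.dport is None or self.dport == other.dport))

def parse_acl(config):
    """Group 'access-list N ...' lines by number; 'remark' lines are comments and skipped."""
    acls = {}
    for line in config.strip().splitlines():
        t = line.split()
        if not t or t[0] != "access-list" or t[2] == "remark":
            continue
        if acl_type(int(t[1])) == "standard":     # source address only
            src, _ = _addr(t, 3)
            entry = Entry(t[2], "ip", src, None, ANY, None)
        else:                                     # protocol, src [eq], dst [eq]
            src, i = _addr(t, 4)
            sport, i = _port(t, i)
            dst, i = _addr(t, i)
            dport, i = _port(t, i)
            entry = Entry(t[2], t[3], src, sport, dst, dport)
        acls.setdefault(int(t[1]), []).append(entry)
    return acls

def evaluate(entries, pkt):
    """Top-down, first match wins; no match falls to the implicit deny (index None)."""
    for idx, e in enumerate(entries):
        if e.matches(pkt):
            return e.action, idx
    return "deny", None

def shadowed(entries):
    """Indices of entries that can never match because an earlier entry covers them."""
    return [j for j in range(len(entries)) if any(entries[i].covers(entries[j]) for i in range(j))]

# Constructed sample (not from the page). ACL 20 repeats ACL 10 with the general rule first.
SAMPLE_CONFIG = """
access-list 10 remark standard: source-only filter, applied near the destination
access-list 10 deny   host 192.168.10.5
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 20 permit 192.168.10.0 0.0.0.255
access-list 20 deny   host 192.168.10.5
access-list 110 remark extended: protocol and port aware, applied near the source
access-list 110 permit tcp 10.0.0.0 0.0.0.255 host 10.1.1.10 eq 443
access-list 110 deny   ip any host 10.1.1.10
access-list 110 permit ip any any
"""
```

With acls = parse_acl(SAMPLE_CONFIG), evaluate(acls[10], ...) returns ("deny", 0) for a packet from 192.168.10.5, ("permit", 1) for one from 192.168.10.7, and ("deny", None) for any source outside 192.168.10.0/24, the last being the implicit deny that ends every list. For ACL 110, HTTPS from the 10.0.0.0/24 subnet to 10.1.1.10 matches entry 0, SSH to the same host falls through to the deny at entry 1, and unrelated traffic reaches the general permit at the bottom. shadowed(acls[20]) returns [1]: with the network permit placed first, the host deny can never match, which is the ordering error the placement rule guards against, and a check like this is worth running whenever an entry is inserted into an existing list.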
