Thursday, 10 May 2012

Cisco IOS Access Control List



WHAT IS AN ACCESS CONTROL LIST?

In Cisco IOS, an access control list (ACL) is an ordered list of permit and deny statements that identifies traffic. Once traffic has been identified, an administrator decides what happens to it: filter it at an interface, restrict who may reach the router's VTY lines, match it in a route map, or select it for debugging.

WHAT'S THE MOST COMMON TYPE OF ACL?

IP ACLs are the most common type of access list because IP is the most common type of traffic. There are two kinds: standard and extended. A standard IP ACL can match traffic only on its SOURCE IP address. An extended IP ACL is far more powerful: it can match on protocol (IP, TCP, UDP, ICMP, and so on), source address, source port, destination address and destination port, plus TCP state such as the established keyword. Two rules apply to both kinds: entries are evaluated top-down and the first match wins, and every ACL ends with an implicit "deny any", so a packet that matches no entry is dropped.

WHAT ARE THE MOST COMMON NUMBERS FOR IP ACLS?

The most common numbers used for IP ACLs are 1 to 99 for standard lists and 100 to 199 for extended lists. Later IOS releases added expanded ranges, and an ACL can also be given a name instead of a number (ip access-list standard|extended NAME), which is easier to read and lets individual entries be edited in place.
  • Standard IP ACLs: 1 to 99 and 1300 to 1999
  • Extended IP ACLs: 100 to 199 and 2000 to 2699

HOW CAN YOU FILTER TRAFFIC USING ACLS?

You filter traffic with ACLs according to the "three P's": per protocol, per interface, and per direction. On any one interface you can apply at most one ACL per protocol (e.g., IP or IPX) per direction (IN or OUT), so an interface such as FastEthernet0/0 can carry one inbound IP ACL and one outbound IP ACL, applied with ip access-group <list> in|out. Defining access-list 101 on its own does nothing; the list only takes effect once it is applied to an interface (or to a VTY line, route map, or similar consumer).

HOW CAN AN ACL HELP PROTECT MY NETWORK FROM VIRUSES?

You can use an ACL as a packet sniffer to list packets that meet a certain requirement. For example, if there's a virus on your network that's sending out traffic over IRC port 194 (the IANA-registered IRC port; most real IRC traffic uses 6667 and neighbouring ports), you could create an extended ACL (such as number 101) to identify that traffic. You could then use the debug ip packet 101 detail command on your Internet-facing router to list all of the source IP addresses that are sending packets on port 194. Two caveats before you do that: debug ip packet only shows packets the router process-switches, so on a router using CEF or fast switching transit traffic will not appear unless you turn switching off on the interface, and doing that (or running debug ip packet at all) on a busy Internet-facing router can drive the CPU to 100% and take the box down. A safer way to get the same answer is to add the log keyword to the ACL entry (access-list 101 permit tcp any any eq 194 log) and read the log messages, or simply watch the match counters in show access-lists.
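As an added, constructed example that is not part of the original post: a small Python evaluator that parses the numbered-ACL syntax described above and applies the rules the post states. A standard list (1-99, 1300-1999) looks only at the source address; an extended list (100-199, 2000-2699) looks at protocol, source, destination and ports; entries are tested top-down, the first match wins, and anything left over hits the implicit deny at the end of every list. The sample configuration, the addresses, the IRC-on-tcp/194 entry, and the per-entry hits counter (which imitates the match counter shown by show access-lists, the safer alternative to debug ip packet) are all assumptions made for this example.

```python
"""Toy evaluator for Cisco IOS numbered ACLs (added example, not IOS code)."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

AddrSpec = Tuple[str, str]                 # (network, wildcard mask)
PortPred = Optional[Callable[[int], bool]]
ANY: AddrSpec = ("0.0.0.0", "255.255.255.255")


@dataclass(frozen=True)
class Packet:
    proto: str                             # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


def _wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """IOS wildcard mask: a 0 bit must match, a 1 bit is 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) & 0xFFFFFFFF == (n & ~w) & 0xFFFFFFFF


def _parse_addr(tokens: List[str]) -> AddrSpec:
    """Consume 'any', 'host A.B.C.D', 'A.B.C.D WILDCARD' or a bare host address."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return (tokens.pop(0), "0.0.0.0")
    if tokens and tokens[0].count(".") == 3 and tokens[0][0].isdigit():
        return (tok, tokens.pop(0))       # address followed by a wildcard mask
    return (tok, "0.0.0.0")                # bare address: IOS treats it as a host


_PORT_OPS = {
    "eq": lambda p, a, b: p == a, "neq": lambda p, a, b: p != a,
    "gt": lambda p, a, b: p > a, "lt": lambda p, a, b: p < a,
    "range": lambda p, a, b: a <= p <= b,
}


def _parse_port(tokens: List[str]) -> PortPred:
    """Consume an optional 'eq N' / 'gt N' / 'lt N' / 'neq N' / 'range A B'."""
    if tokens and tokens[0] in _PORT_OPS:
        op = tokens.pop(0)
        a = int(tokens.pop(0))
        b = int(tokens.pop(0)) if op == "range" else a
        return lambda p, op=op, a=a, b=b: _PORT_OPS[op](p, a, b)
    return None


@dataclass
class Entry:
    action: str                            # "permit" or "deny"
    proto: str                             # "ip" matches every protocol
    src: AddrSpec
    sport: PortPred
    dst: AddrSpec
    dport: PortPred
    hits: int = 0                          # like the "(N matches)" in show access-lists

    def matches(self, pkt: Packet) -> bool:
        if self.proto not in ("ip", pkt.proto):
            return False
        if not _wildcard_match(pkt.src, *self.src) or not _wildcard_match(pkt.dst, *self.dst):
            return False
        if self.sport and not self.sport(pkt.sport):
            return False
        return not (self.dport and not self.dport(pkt.dport))


def parse_acls(config: str) -> Dict[int, List[Entry]]:
    """Build {number: [entries in configured order]} from 'access-list ...' lines."""
    acls: Dict[int, List[Entry]] = {}
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue                       # comments, blank lines, other commands
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if 1 <= number <= 99 or 1300 <= number <= 1999:        # standard: source only
            entry = Entry(action, "ip", _parse_addr(rest), None, ANY, None)
        elif 100 <= number <= 199 or 2000 <= number <= 2699:   # extended
            proto = rest.pop(0)
            src, sport = _parse_addr(rest), _parse_port(rest)
            dst, dport = _parse_addr(rest), _parse_port(rest)
            entry = Entry(action, proto, src, sport, dst, dport)   # trailing 'log' ignored
        else:
            raise ValueError(f"ACL number {number} is not an IP ACL range")
        acls.setdefault(number, []).append(entry)
    return acls


def evaluate(entries: List[Entry], pkt: Packet) -> str:
    """Top-down, first match wins; no match falls through to the implicit deny."""
    for entry in entries:
        if entry.matches(pkt):
            entry.hits += 1
            return entry.action
    return "deny"


# Constructed sample configuration (not from the post).
SAMPLE_CONFIG = """
! standard: the LAN is permitted, everything else hits the implicit deny
access-list 10 permit 192.168.1.0 0.0.0.255
! extended: spot LAN hosts talking IRC (tcp/194) out to the Internet
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 194
! extended: Internet-facing inbound filter, HTTP to one web server only
access-list 102 permit tcp any host 203.0.113.10 eq 80
access-list 102 deny ip any any log
"""

ACLS = parse_acls(SAMPLE_CONFIG)
```

Because `evaluate` bumps `hits` on the entry that matched, repeatedly feeding packets through `ACLS[101]` and then reading `ACLS[101][0].hits` mirrors what `show access-lists 101` would tell you about the port-194 traffic, without the CPU cost of `debug ip packet`.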


3 comments:

  1. Thanks for sharing on the topic of Access Control List and what it's all about. I now have a clearer view of what Access Control List does. Now, I know that Access Control List helps protect networks from viruses as the ACL can be used as a packet sniffer to list packets that meet certain requirements. Like the example given by Jasper, if there is a virus on a network that is sending out traffic on port 194, an extended ACL can be created to identify the traffic. How ACL filters traffic on the network is by the protocol, interface and direction of the traffic.
  2. Thanks for sharing with us on access control list. The font is so clear that I know that that is a header. The topic is clear and nicely arranged. In other words, it's in a step-by-step motion where I will see what is an ACL first, before going into deeper detail.
  3. I have learnt more about ACLs after reading this post. However, I think the common numbers for standard IP ACLs should be 1300 - 1399 and not 1999.