ACCESS CONTROL LIST

+ Earliest method of providing network security.
+ It provides layer 3 and layer 4 security.
+ Controls the flow of traffic from one network to another.
+ Filters packets (Packet Filtering Firewall).

[Figure: network diagram showing LAN and WAN subnets]

+ Deny: Blocking a network/subnet/host/service.
+ Permit: Allowing a network/subnet/host/service.
+ Source address: The address from where the request starts.
+ Destination address: The address where the request ends.
+ Inbound: Traffic coming into the interface.
+ Outbound: Traffic going out of the interface.

+ Protocols: IP (Internet Protocol), TCP (Transmission Control Protocol), UDP (User Datagram Protocol), ICMP (Internet Control Messaging Protocol)
+ eq (equal to), neq (not equal to), lt (less than), gt (greater than)
+ Services: HTTP, FTP, TELNET, DNS, DHCP etc.

Wild Card Mask

+ Tells the router which addressing bits must match the address given in the ACL statement.
+ It is the inverse of the subnet mask, hence it is also called the inverse mask.
+ A bit value of 0 indicates MUST MATCH (Check Bits).
+ A bit value of 1 indicates IGNORE (Ignore Bits).
+ Wildcard mask for a host will always be 0.0.0.0.
+ A wild card mask can be calculated using the formula:

  Global Subnet Mask - Subnet Mask = Wild Card Mask

  255.255.255.255 - 255.255.255.0
  255.255.255.255 - 255.255.255.240

+ Works in a sequential order from top to bottom.
+ If a match is found, it does not check further.
+ There should be at least one permit statement.
+ An implicit deny blocks all traffic by default when there is no match (an invisible statement).
+ New entries are automatically added to the bottom.
+ Can have one access list per interface per direction.
+ Removing a specific statement in an access list is not possible.

Standard access list

+ The access list number range is 1-99.
+ Can filter a network, subnet or host.
+ Two-way communication is stopped.
+ All services are blocked or allowed.
+ Implemented closest to the destination. (Guideline)
+ Filters traffic based only on the source address.

[Figure: example network diagram with configuration lines beginning "access-list 1 deny" and "access-list 1 permit"]

Extended access list

+ The access list number range is 100-199.
+ Can filter a network, subnet, host and service.
+ One-way communication is stopped.
+ Selected services can be blocked or allowed.
+ Implemented closest to the source. (Guideline)
+ Filters traffic based on the source address, destination address and service.

[Figure: example network diagram including a web server (Web Service), with the configuration line "access-list 101 permit ip any any"]
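An added example (not from the original slides) that works through the wildcard-mask formula and the top-to-bottom, first-match, implicit-deny rules described above. The ACL entries and all addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_subnet(subnet_mask):
    """Global mask 255.255.255.255 minus the subnet mask gives the wildcard mask."""
    wildcard = to_int("255.255.255.255") - to_int(subnet_mask)
    return str(ipaddress.IPv4Address(wildcard))


def entry_matches(source, acl_address, wildcard):
    """Wildcard bit 0 = must match (check bit), wildcard bit 1 = ignore."""
    check_bits = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(source) & check_bits) == (to_int(acl_address) & check_bits)


def evaluate(acl, source):
    """Walk the entries top to bottom; the first match decides the result.

    Returns (action, entry_number). No match means the implicit deny applies,
    reported as ("deny", None).
    """
    for number, (action, address, wildcard) in enumerate(acl, start=1):
        if entry_matches(source, address, wildcard):
            return action, number
    return "deny", None


# Constructed standard ACL: block one host, allow the rest of its /28.
STANDARD_ACL = [
    ("deny", "192.168.1.3", "0.0.0.0"),
    ("permit", "192.168.1.0", wildcard_from_subnet("255.255.255.240")),
]

# Same entries in the opposite order: the broad permit matches first,
# so the host-specific deny is never reached.
SHADOWED_ACL = list(reversed(STANDARD_ACL))

if __name__ == "__main__":
    for src in ("192.168.1.3", "192.168.1.9", "192.168.2.5"):
        print(src, evaluate(STANDARD_ACL, src), evaluate(SHADOWED_ACL, src))
```

The reordered list shows why entry order matters for review: a host deny placed below a broader permit has no effect.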
