
Access Control List

Mubarik Ali
Access Control Lists (ACLs)?
Learning Objectives:

• Explain the differences between standard and extended ACLs
• Explain the rules for placement of ACLs
• Create and apply named ACLs
• Describe the function of firewalls
Cisco application view
• ACLs are lists of conditions used to test network traffic that tries to travel across a router interface. These lists tell the router what types of packets to accept or deny. Acceptance and denial can be based on specified conditions. ACLs enable management of traffic and secure access to and from a network.
ACL benefits
• Limit network traffic and increase network performance.
• Provide traffic flow control.
• Provide a basic level of security for network access.
• Decide whether traffic is forwarded or blocked at the router interfaces.
• Permit or deny hosts access to a network segment.
• Provide access control based on Layer 3 addresses for the IP and IPX protocols.
How an ACL is executed

• Decisions are made by matching a condition statement in an access list and then performing the permit or deny action defined in that statement.
• ACL statements are processed in sequential, logical order.
Frame entering a router
• After determining that the frame's Layer 2 destination address matches the interface or is a broadcast, the router checks whether an ACL is applied.
• If no ACL exists, or the packet is accepted by the ACL, the packet is encapsulated in the new Layer 2 protocol and forwarded out the interface to the next device.
• If an ACL exists, the packet is tested against the statements in the list. If the packet matches a statement, it is either accepted or rejected.
Example of ACL
Types of access control list

1. Standard access control list
2. Extended access control list
Summary of access lists

• General guidelines for ACLs

• ACLs are always processed from top to bottom in sequential order.
• A packet is compared with the ACL conditions until a match is found.
• Once a match is found for a packet, no further comparison is done for that packet.
• The interface takes the action given by the matching condition. There are two possible actions: permit and deny.
• If a permit condition matches, the packet is allowed to pass through the interface.
• If a deny condition matches, the packet is dropped immediately.
Summary of access lists

• Every ACL has an implicit deny statement at its end.
• If a packet does not match any condition, it is dropped (by the implicit last deny).
• An empty ACL permits all traffic by default; the implicit deny condition does not apply to an empty ACL.
• The implicit (default last deny) condition works only if the ACL has at least one user-defined condition.
Summary of access lists
• An ACL filters only traffic passing through the interface. It cannot filter traffic originated by the router on which it is applied.

• A standard ACL can filter only on the source IP address.

• Standard ACLs should be placed near the destination devices.

• Extended ACLs should be placed near the source devices.

• Each ACL needs a unique number or name.

• Only one ACL can be applied to an interface in each direction: inbound and outbound.
Standard access control list

A standard ACL can permit or deny traffic based only on the source address(es).

• Access control list syntax

• Router(config)#access-list <access-list-number> {permit|deny} {host source | source source-wildcard | any}
Standard access control list LAB
R1 IP configuration
• Router>enable
• Router#configure terminal
• Router(config)#int fa 0/0
• Router(config-if)#ip addr 192.168.1.1 255.255.255.0
• Router(config-if)#no shutdown

• Router(config)#int fa 0/1
• Router(config-if)#ip addr 192.168.10.1 255.255.255.0
• Router(config-if)#no shutdown

• Router(config)#int s 0/0/0
• Router(config-if)#ip addr 10.15.20.2 255.255.255.0
• Router(config-if)#no shutdown

• Router(config-if)#exit
• Router(config)#ip route 0.0.0.0 0.0.0.0 10.15.20.1


R2

• Router>enable
• Router#configure terminal
• Router(config)#int s 0/0/0
• Router(config-if)#ip addr 10.15.20.1 255.255.255.0
• Router(config-if)#no shutdown

• Router(config-if)#exit
• Router(config)#ip route 0.0.0.0 0.0.0.0 10.15.20.2



deny host 192.168.1.10 for all networks

•----- deny host 192.168.1.100 to reach the internet -----

•Router(config)#access-list 50 deny host 192.168.1.100
•Router(config)#access-list 50 permit any

-------------- apply access list to interface --------------

•Router(config)#int s 0/0/0
•Router(config-if)#ip access-group 50 out

•------------- Test your access list -------------

•Router#show ip access-lists
Deny network 192.168.1.0 for each ISP

------- deny network -------

•Router(config)#access-list 70 deny 172.16.0.0 0.0.0.255
•Router(config)#access-list 70 permit any
•Router(config)#int e 1/0
•Router(config-if)#ip access-group 70 out

•Test your configuration

•Router#show ip access-lists 70
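As an added example (not part of the slides), the following Python code simulates how a router evaluates a standard ACL according to the summary rules above (top-down processing, first match wins, implicit deny, empty ACL permits all) and runs the two lab ACLs (50 and 70) against constructed source addresses. Wildcard-mask matching is implemented as described in the syntax slide; the function names and sample addresses are this example's own.

```python
import ipaddress

# ACL lines copied from the lab slides above (without the Router(config)# prompt).
ACL_50 = ["access-list 50 deny host 192.168.1.100",
          "access-list 50 permit any"]
ACL_70 = ["access-list 70 deny 172.16.0.0 0.0.0.255",
          "access-list 70 permit any"]

def _addr(s):
    return int(ipaddress.IPv4Address(s))

def parse_standard_acl(lines):
    """Parse 'access-list <n> {permit|deny} {host A | A wildcard | any}' lines
    into (action, address, wildcard) tuples, in the order they were entered."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL line: {line!r}")
        src = tok[3:]
        if src == ["any"]:
            addr, wc = 0, 0xFFFFFFFF            # every bit is 'don't care'
        elif src[0] == "host" and len(src) == 2:
            addr, wc = _addr(src[1]), 0         # all 32 bits must match
        elif len(src) == 2:
            addr, wc = _addr(src[0]), _addr(src[1])
        elif len(src) == 1:
            addr, wc = _addr(src[0]), 0         # bare address: wildcard defaults to 0.0.0.0
        else:
            raise ValueError(f"bad source specification in {line!r}")
        entries.append((tok[2], addr, wc))
    return entries

def evaluate(entries, source_ip):
    """Apply the summary-slide rules: entries are checked top-down, the first
    match decides, and an unmatched packet hits the implicit deny.
    An ACL with no user-defined entries permits everything."""
    if not entries:
        return "permit"
    ip = _addr(source_ip)
    for action, addr, wc in entries:
        # A 1 bit in the wildcard means 'ignore this bit'; 0 bits must be equal.
        if ((ip & ~wc) & 0xFFFFFFFF) == ((addr & ~wc) & 0xFFFFFFFF):
            return action
    return "deny"   # implicit deny at the end of every non-empty ACL

def decide(acl_lines, source_ip):
    """Convenience wrapper: parse the ACL text and evaluate one source address."""
    return evaluate(parse_standard_acl(acl_lines), source_ip)
```

Running `decide(ACL_50, "192.168.1.100")` returns "deny" while `decide(ACL_50, "192.168.1.10")` returns "permit"; an ACL containing only deny statements denies every source because nothing falls through to a permit.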
