Access Control Lists (ACL)
An access control list, or ACL for short, is a rule that filters traffic.
There are three kinds of access control list: Standard IP, Extended IP and Standard IPX. I will be talking only about the first two kinds in this post.
In both standard and extended, there is the numbered access-list and the named access-list.
When writing access-list commands, you have to place the more specific statements at the top and the general statements at the bottom, because the router checks the statements from top to bottom and stops at the first one that matches.
There are a few steps to writing ACLs.
Step 1- Understand the network flow, configure the ACL policy
Create access-list (standard or extended)
Step 2- Confirm the filtering & directions are correct
Step 3- Apply ACL policy to interface (inbound or outbound)
| Standard | Extended |
|---|---|
| Number 1-99 | Number 100-199 |
| Uses only SourceIP | Uses Source, Destination IP and Port Number |
| Applied closest to the destination | Applied closest to the source |
CONFIGURATION EXAMPLES:

| Standard Number | Standard Named |
|---|---|
| access-list (#) permit/deny srcIP WildcardMask | ip access-list standard (name) permit/deny srcIP WildcardMask |

| Extended Number | Extended Named |
|---|---|
| access-list (#) permit/deny protocol srcIP mask avg port destIP mask avg port | ip access-list extended (name) permit/deny protocol srcIP mask avg port destIP mask port |
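
The ordering rule (specific statements at the top, general ones at the bottom), shown as an added Python example that is not part of the original post: it parses standard numbered statements in the `access-list (#) permit/deny srcIP WildcardMask` form, evaluates them first-match, and flags statements hidden behind an earlier, more general one. The addresses, ACL number and function names are constructed for illustration, and the final implicit deny is standard IOS behaviour that the post does not state.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

# Constructed sample ACLs: the same two statements in both orders.
GOOD = """
access-list 10 deny 192.168.1.10 0.0.0.0
access-list 10 permit 192.168.1.0 0.0.0.255
"""
BAD = """
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny 192.168.1.10 0.0.0.0
"""

def parse_acl(text):
    """Parse 'access-list <#> permit|deny <srcIP> <wildcardMask>' lines."""
    entries = []
    for line in text.strip().splitlines():
        _, number, action, src, wildcard = line.split()
        if not 1 <= int(number) <= 99 or action not in ("permit", "deny"):
            raise ValueError(f"not a standard numbered ACL statement: {line!r}")
        entries.append((action, int(ipaddress.IPv4Address(src)),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def evaluate(entries, ip):
    """First matching statement wins; no match means the implicit deny (assumed)."""
    addr = int(ipaddress.IPv4Address(ip))
    for action, src, wildcard in entries:
        care = ~wildcard & MASK32          # wildcard bit 1 = "don't care"
        if (addr & care) == (src & care):
            return action
    return "deny"

def shadowed(entries):
    """Indexes of statements that can never match: an earlier statement
    already covers every address they describe."""
    dead = []
    for i, (_, src, wildcard) in enumerate(entries):
        for _, e_src, e_wildcard in entries[:i]:
            e_care = ~e_wildcard & MASK32
            # Covered if the later entry checks every bit the earlier one
            # checks, and the two agree on those bits.
            if (wildcard & e_care) == 0 and ((src ^ e_src) & e_care) == 0:
                dead.append(i)
                break
    return dead
```

Running `shadowed()` over a list before applying it to an interface catches the case where a general permit placed first makes a later host deny unreachable.
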
Yo Luke, I am junrong. After reading your latest post on ACCESS CONTROL LISTS (ACL), I feel that I have learned more new things. I especially like the way you had written your post: Steps to writing ACLS. This allows me to understand ACL easier and how I could apply it. Good job for putting in the hard work. See you soon
Hi Luke,
I've read through your post on access control lists. After doing so, I now understand more about the different types of access lists. You've also taken the effort to include tables to categorise & highlight the difference between standard and extended ACL, so good job there! :)
Moreover, you've also provided us with the syntax on how to implement such ACLs in the packet tracer/actual router. This additional information can prove to be very useful to us in the near future! ^-^
Once again, really well done!
aloysiusT
Hey Luke,
I have taken the opportunity to read through your post on Access Control List and I would like to firstly thank you for giving us the opportunity to learn more about this topic. You have written a wonderful post about this and I find it to be very informative and interesting. Even though I have done my own research, reading your post has given me more knowledge on this particular topic. I especially like the fact that you took the time to show us the steps to writing an ACL. Once again, well done and thanks.
See you soon
Hi Luke,
Thanks for the post. I have learnt a lot from it.
Julian