Control Packets Traffic Using Access Control List

An Access Control List (ACL) is an ordered set of rules that controls the movement of packets in a computer network. Besides controlling traffic, an ACL plays a big role in network security: it can prevent unauthorized movement of packets and restrict privileges based on the source address, destination address and port number. Rules are evaluated in order, so they must be written to avoid contradictions: the first rule that matches a packet is applied and the remaining rules are ignored, and a packet that matches no rule at all is dropped by the implicit deny at the end of every ACL. Here let us discuss the major uses and types of Access Control Lists.

Uses

The major uses of ACLs by network administrators are to control Telnet access to the router through the VTY lines and to filter packets by defining the right rule on the basis of the source IP address.

  • Control VTY access into a router

  • Filter traffic that originates from the router


Types

There are two types of Access Control List. They are:
  1. Standard ACL

  2. Extended ACL

A standard ACL matches on the source IP address of the packet only. Using a standard ACL we can either block or permit traffic from one specific source address or network. An extended ACL lets us control traffic on the basis of source IP, destination IP and port number. Now let us check how to control packet movement in a network using these rules.


Configure Standard ACL on a Cisco router

To configure a standard ACL on a Cisco router, use the command below. This is the general format of the command; it is explained with an example afterwards.

access-list [ID] [permit|deny] [source IP] [wildcard mask]

Now let us check one example. I am creating an access list with ID 10 to permit packets from the source network 192.168.1.0 with wildcard mask 0.0.0.255 (that is, any host in 192.168.1.0/24). To write such a rule, refer to the command below.

access-list 10 permit 192.168.1.0 0.0.0.255

Now let us check some important points to keep in mind while writing a standard ACL rule.

  1. The standard Access Control List ID can be in the range of 1 to 99.

  2. The rule is matched on the source IP address only.

  3. You can either permit or deny the matching packets.

Configure Extended ACL

Extended ACLs are more flexible than standard ACLs because of the extra fields they can match on: source IP, destination IP, protocol and port numbers. To configure a rule, use the command given below.

access-list 109 permit tcp 30.30.2.0 0.0.0.255 any eq 80

Here we are creating a rule to permit TCP traffic from the 30.30.2.0 network (wildcard mask 0.0.0.255) to TCP port 80 on any destination IP address. For extended ACLs the ID is in the range 100 to 199.
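The following is an added example, not code from the original page or from Cisco: a small Python evaluator that parses `access-list` lines in the syntax shown in both the standard and extended ACL sections above and then evaluates sample packets the way a router would, top-down with first match wins and an implicit deny when nothing matches. It also accepts the IOS keywords `any` and `host` (which the page does not show) so that a correctly ordered list can be compared with one where a broad permit shadows a more specific deny. All sample ACLs and packet addresses are constructed for the example.

```python
"""Toy evaluator for Cisco-style numbered ACLs.

Added example (not vendor code): parses `access-list` lines in the syntax the
page shows, then evaluates packets the way a router does: top-down, first
match wins, and an implicit 'deny any' if no rule matches.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY_WILDCARD = 0xFFFFFFFF  # "any" = base 0.0.0.0 with wildcard 255.255.255.255


@dataclass
class Rule:
    acl_id: int
    action: str              # "permit" or "deny"
    proto: str               # "ip" for standard ACLs; tcp/udp/ip for extended
    src: int
    src_wild: int
    dst: int
    dst_wild: int
    dst_port: Optional[int]  # only set when the line ends in "eq PORT"


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr: int, base: int, wildcard: int) -> bool:
    """A wildcard mask is the inverse of a subnet mask: a 1 bit means 'don't care'.
    The address matches when it agrees with the base on every 0 bit of the mask."""
    return ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def _parse_addr(tok: List[str]) -> Tuple[int, int, int]:
    """Return (base, wildcard, tokens consumed) for 'any', 'host A' or 'A WILDCARD'."""
    if tok[0] == "any":
        return 0, ANY_WILDCARD, 1
    if tok[0] == "host":
        return _ip(tok[1]), 0, 2
    return _ip(tok[0]), _ip(tok[1]), 2


def parse_rule(line: str) -> Rule:
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError("expected an access-list line")
    acl_id, action = int(tok[1]), tok[2]
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    if 1 <= acl_id <= 99:
        # Standard ACL: access-list ID ACTION SOURCE WILDCARD
        src, swild, _ = _parse_addr(tok[3:])
        return Rule(acl_id, action, "ip", src, swild, 0, ANY_WILDCARD, None)
    if 100 <= acl_id <= 199:
        # Extended ACL: access-list ID ACTION PROTO SOURCE WILD DEST WILD [eq PORT]
        proto = tok[3]
        src, swild, used = _parse_addr(tok[4:])
        rest = tok[4 + used:]
        dst, dwild, used = _parse_addr(rest)
        rest = rest[used:]
        port = int(rest[1]) if len(rest) >= 2 and rest[0] == "eq" else None
        return Rule(acl_id, action, proto, src, swild, dst, dwild, port)
    raise ValueError("only numbered ACLs 1-99 and 100-199 are handled here")


def evaluate(rules: List[Rule], src: str, dst: str,
             proto: str = "ip", dst_port: Optional[int] = None) -> str:
    """Walk the list top-down; the first rule that matches decides the packet."""
    s, d = _ip(src), _ip(dst)
    for r in rules:
        if r.proto != "ip" and r.proto != proto:
            continue
        if not wildcard_match(s, r.src, r.src_wild):
            continue
        if not wildcard_match(d, r.dst, r.dst_wild):
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.action
    return "deny"  # implicit deny any at the end of every Cisco ACL


def load_acl(lines: List[str]) -> List[Rule]:
    return [parse_rule(line) for line in lines]


# Constructed sample ACLs: the two lines from the page, plus two ordering variants.
STANDARD = load_acl(["access-list 10 permit 192.168.1.0 0.0.0.255"])
EXTENDED = load_acl(["access-list 109 permit tcp 30.30.2.0 0.0.0.255 any eq 80"])
# Ordered correctly: the specific deny sits above the broader permit.
ORDERED = load_acl(["access-list 20 deny host 192.168.1.5",
                    "access-list 20 permit 192.168.1.0 0.0.0.255"])
# Mis-ordered: the broad permit shadows the deny below it, so the deny never fires.
SHADOWED = load_acl(["access-list 21 permit 192.168.1.0 0.0.0.255",
                     "access-list 21 deny host 192.168.1.5"])


if __name__ == "__main__":
    print(evaluate(STANDARD, "192.168.1.77", "10.0.0.1"))          # permit
    print(evaluate(STANDARD, "192.168.2.1", "10.0.0.1"))           # deny (implicit)
    print(evaluate(EXTENDED, "30.30.2.9", "8.8.8.8", "tcp", 80))   # permit
    print(evaluate(EXTENDED, "30.30.2.9", "8.8.8.8", "tcp", 443))  # deny (implicit)
    print(evaluate(ORDERED, "192.168.1.5", "10.0.0.1"))            # deny
    print(evaluate(SHADOWED, "192.168.1.5", "10.0.0.1"))           # permit (shadowed)
```

Two things the toy shows that the command lines alone do not: the wildcard mask is applied bit-wise (a 1 bit is "don't care"), so `192.168.1.0 0.0.0.255` covers every host in the /24 rather than one address; and because evaluation stops at the first match, `SHADOWED` lets 192.168.1.5 through even though a deny for that host is present further down. On a real router the list also does nothing until it is bound, with `ip access-group 10 in` under the interface or `access-class 10 in` under `line vty 0 4` (IOS commands that the page does not show); the evaluator has no such step.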
