
Control Packet Traffic Using Access Control Lists

An Access Control List (ACL) is a set of rules that controls the flow of packets in a computer network. In addition to controlling traffic, ACLs play a big role in network security: they can prevent unauthorized movement of packets and restrict privileges based on the source, destination, and port number. An ACL is defined in a way that avoids contradictions between rules: the topmost rule that matches a packet is applied, and the remaining rules are ignored. Here let us discuss the major uses and types of Access Control Lists.

Uses

The major uses of ACLs by network administrators are to control telnet access through the VTY lines and to filter packets by defining the right rule on the basis of the source IP address.

  • Control vty access into a router

  • Filter traffic that originates from the router


Types

There are two types of Access Control Lists. They are:
  1. Standard ACL

  2. Extended ACL

A standard ACL is based on the source IP address of the packet. Using a standard ACL we can either block or permit traffic from one specific source IP. An extended ACL allows us to control traffic on the basis of source IP, destination IP, and port number. Now let us check how to control packet movement in a network using these rules.


Configure Standard ACL on a Cisco router

To configure a standard ACL on a Cisco router, use the command below. This is the general format of the command; it is explained with an example afterwards.

access-list [ID] [permit/deny] [Source IP] [Wildcard mask]

Now let us check one example. I am creating an access list with ID 10 to permit packets from the source IP 192.168.1.0. To write such a rule, refer to the command below.

access-list 10 permit 192.168.1.0 0.0.0.255

Now let us check some important points to keep in mind while writing a standard ACL rule.

  1. The standard Access Control List ID can be in the range of 1 to 99.

  2. The rule is applied based on the source IP.

  3. You can either permit or deny access to packets.

Configure Extended ACL

An extended ACL is more flexible than a standard ACL because it matches on more fields. It uses source IP, destination IP, and port numbers to control a packet. To configure a rule, we can use the command given below.

access-list 109 permit tcp 30.30.2.0 0.0.0.255 any eq 80

Here we are creating a rule to permit TCP traffic from 30.30.2.0 to port 80 on any destination IP address. In an extended ACL, the ID can range from 100 to 199.
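The top-down, first-match evaluation and the wildcard mask used in the rules above can be checked with a small evaluator. This is an added example, not code from the original page or from Cisco; the host-specific deny line is constructed for illustration, and the final "deny" when nothing matches reflects the implicit deny that IOS appends to every ACL, which the page does not mention.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok, i):
    """Read 'any', 'host A' or 'A WILDCARD' at tok[i]; return ((base, wildcard), next index)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (_ip(tok[i + 1]), 0), i + 2
    return (_ip(tok[i]), _ip(tok[i + 1])), i + 2

def parse(line):
    """Parse one numbered 'access-list' line of the two forms shown on this page."""
    tok = line.split()
    rule = {"id": int(tok[1]), "action": tok[2], "proto": None, "dst": None, "dport": None}
    if 1 <= rule["id"] <= 99:                # standard ACL: source address only
        rule["src"], _ = _addr(tok, 3)
    elif 100 <= rule["id"] <= 199:           # extended ACL: protocol, source, destination, port
        rule["proto"] = tok[3]
        rule["src"], i = _addr(tok, 4)
        rule["dst"], i = _addr(tok, i)
        if i < len(tok) and tok[i] == "eq":
            rule["dport"] = int(tok[i + 1])
    else:
        raise ValueError("ID outside the 1-99 and 100-199 ranges")
    return rule

def _match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF                # wildcard 0-bits must match, 1-bits are ignored
    return (_ip(addr) & care) == (base & care)

def evaluate(rules, src, dst=None, proto=None, dport=None):
    """Return the action of the first matching rule; nothing matched means deny."""
    for r in rules:
        if not _match(src, r["src"]):
            continue
        if r["proto"] not in (None, "ip", proto):
            continue
        if r["dst"] is not None and not _match(dst, r["dst"]):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["action"]
    return "deny"                            # IOS implicit deny at the end of every ACL

# Constructed sample: the page's ACL 10 rule preceded by a host-specific deny.
ACL_10 = [parse("access-list 10 deny 192.168.1.5 0.0.0.0"),
          parse("access-list 10 permit 192.168.1.0 0.0.0.255")]
ACL_109 = [parse("access-list 109 permit tcp 30.30.2.0 0.0.0.255 any eq 80")]
```

Evaluating `list(reversed(ACL_10))` for 192.168.1.5 returns "permit": the broader permit now matches first and the host deny below it is never reached, which is why rule order has to be reviewed whenever a line is added.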


About Author

Alex George
Alex George holds an engineering degree in Computer Science and an MBA in Finance. He worked as a senior Network Engineer for ten years. His specialization is in Cisco products. Traveling is one of his hobbies, and he has visited various places as part of his onsite work, like New York, Dubai, London, etc. Right now Alex is a director of one of the leading career development firms in India, which trains students for UPSC, SSC, and PSC examinations. He guides a lot of students to get selected for various prestigious institutions like CBI, Income Tax Department, etc. Alex George is a stock market investor and a very active intraday trader. Engineering Background: He has a B.Tech in Computer Science and Engineering and has passed different network and security courses like CCNA, CCNP (Security), CEH, and various Microsoft certifications. Finance Background: Alex has an MBA in Finance. He is an active intraday trader and a share market investor. Webmaster Skills: Alex has been a blogger since 2004. He has a working knowledge of HTML, CSS, PHP, and JavaScript.