What is Access control list or ACL: configuration to filter network traffic?

Certification: Cisco CCIE Routing and Switching - Cisco Certified Internetwork Expert Routing and Switching


What is Access control list or ACL: configuration to filter network traffic?

The filers that are enabled to control the permission or denial of the routing updates and packets in the network or out of the network are termed as Access Control Lists. These are specially designed for the filtration of the traffic and enabling the network administrators to make their network extra secure, which can be used on routers (Cisco).

ACL is capable to provide a powerful method to control the traffic in and out of the network system. This can be achieved by simply providing the permission or declining to the addresses of the network hosts. All the routed network protocol can be configured by using ACL. ACL is used most importantly to provide network security, and it can also be used to control the traffic on the network on the basis of TCP port usage.

Different kinds of ACLs (Access Control List)

There are two types of Access Control List namely Standard access list and Extended Access List.

Standard Access List

Standard access list are lists that creates filters on the basis of address of the source and can be used for filtering based on server. The Standard access list creates Address based access list that are able to distinguish the different routes on the network that are controlled by the IP address of that network. The address access lists have the list of such addresses and their range and information abut them to whether allow the access to them or deny.

Extended Access List

Extended access list are such lists that creates filters on the basis of destination addresses, addresses, port number, protocol, and other criteria. These filters are responsible to filter the network on the basis of packets that are responsible for the traversing of network.

The extended and standard access lists are used to apply base on the command list of IP access. The various access lists use the feature of denial and permission to define a packet whether to allow it the entry into the network or not. 

Working of ACL (Access Control List)

According to the rules of filtering, a packet is forwarded or denied by a router which behaves like a packet filter. The router responsible for packet filtering in the Layer 3 uses the rules to decide which traffic is allowed or denied based on the IP address of the source and destination, port of the source and destination, and the protocol associated with the packet. In simple words the work of the ACL resembles the work of the guard that is stationed outside a party hall. He only allows the people who have their names on the guest list and the invitations. The others are denied the entry. So the guard is working on the condition of having the names of guests in the guest list and their invitation cards.

Likewise, when a router receives a packet, the filtering router is responsible to extract information from the received packet, if the rules state it should be allowed it allowed otherwise it is dropped. The Network layer of OSI (Open System Interconnection) model or the TCP/IP layer works on the packet filtering. The dropping and accepting of the packets are done by the router on the basis of the rules provided in the access list. It should be noted that some users can try to evade or fool the access list due to the absence of authentication in the access list.

Why the ACLs should be used and configured

The ACL (Access Control List) are used because of the following reasons:

  • The ACL limits the traffic on the network, so that the performance of the network is increased.
  • The ACL provide the control on the flow of the traffic by limiting the routing update delivery.
  • The ACL is capable of providing Additional security to the network.
  • The ACL is responsible for the blocking and allowance of the traffic on the network.
  • It controls the areas which should be accessed and which should not be by the client.

Another important reason behind configuring the access list is the capability of the access list to provide network security. The access list should be used to provide a basic level of security. If the access lists are not used all the packets that pass through your network will be allowed on all the parts of the network. The access list can also be used to allow one host of the network to access while preventing another host from access of the same area. This feature is useful in big firms and organizations which have restricted use of information.

When should be Access Lists configured

Access Control Lists are used in the routers used in firewall, which are usually placed between the external network and your internal network like Internet. The access list can also be used on the router that is placed between two groups of network, for controlling the traffic that enters or leaves a section of the internal network.

The access the benefits of the access list, the border routers, routers that are situated at the ends of the network should be at the minimal configuration access list. This will help in providing a buffer from outside network or from an area that is less controlled from the parent network, to the sensitive area of the internal network. Each of the network protocol should be configured with a access list of its own on various interfaces of the routers. You should define the Access lists for each and every protocol or in other words, there should be an access list for each protocol that is enabled on the interface in order to control the flow of traffic.

So the Access control list plays an important role in traffic monitoring.

 


Related IT Guides

  1. Are students advised to complete four CCNA Routing and Switching courses before enrolling in the CCNA security course?
  2. Are the CCNA Routing and Switching certifications exam changing?
  3. Basis CCNA Routing and Switching latest curriculum
  4. CCNA Routing and switching exams: Which is easier CCNAX or ICND
  5. CCNAX or the ICND: Which exam pathway is better for CCNA R&S and why?
  6. Common OSPF problems and its troubleshooting
  7. Eleventh hour CCNA Routing and switching exam: What to do?
  8. How do students move from CCNA discovery and exploration to CCNA Routing and Switching?
  9. How does CCNA Routing and Switching differ from CCNA discovery and CCNA exploration?
  10. How to build your CCNA Routing and Switching lab on your own?
  11. How to get CCIE Routing & Switching practice labs for free?
  12. How to get CCNA Routing and Switching practice questions online for free?
  13. How to prepare for CCIE Routing & Switching exam?
  14. How to Prepare for CCIE Routing and Switching Lab?
  15. How to prepare for CCIE routing and switching online?
  16. How to resolve EIGRP problems
  17. How to take online training for CCIE Routing and Switching exam
  18. How to verify network status and switch operation using basic utilities: Ping, SSH and telnet
  19. Lab equipment for CCIE Routing & Switching
  20. Most important dumps for CCIE Routing & Switching written exams
  21. NAT: Basic operations and how to configure
  22. Tackling the CCIE written exam: what topics make the difference?
  23. Technology and Media access control method for Ethernet networks
  24. What are Common Routing Issues and How to resolve them
  25. What are the basic operations of the protocols in the OSI and TCP/IP Models
  26. What are the basic routing concepts? Packet forwarding, Router lookup process and process switching:
  27. Why private and public IP addresses for IPv4 addressing is necessary