Access Control List(ACL)

Access Control List

Earliest Method of providing network security.
It provides layer 3 and layer 4 security.
Controls the flow of traffic from one network to another.
Filter packets (packet filtering firewall)

Terminologies

  1. Deny: blocking a network/Subnet/Host/Service
  2. Permit: Allowing a network/Subnet/Host/Service
  3. Source Address: The address from where the request starts.
  4. Destination Address: The address where the request sends.
  5. Inbound: Traffic coming into the interface
  6. Outbound: Traffic going out of the interface
  7. Protocols:  
  • IP(Internet Protocol)
  • TCP (Transmission Control Protcol)
  • UDP (User Datagram Protocol)
  • ICMP (Internet Control Messaging Protocol)
      8.Operators:
  • eq(equal to)
  • neq(not equal to)
  • lt(less than)
  • gt(greater than)
       9.Services: HTTP(80),FTP(20,21),TELNET(23),DNS(53),DHCP( 67,68)

Wildcard Mask

  1. Tells the router which addressing bits must match to the address given in the ACL statement.
  2. It is the inverse of subnet mask, hence is also called as inverse mask.
  3. A bit value of '0' indicates must match.
  4. A bit value of '1' indicates IGNORE(ignore bits)
  5. Wildcard mask for a host will be always 0.0.0.0

   Working of ACL

  • Works in a sequential order from top to bottom.
  • If a match is found it does not check further
  • There should be at least one permit statement.
  • An implicit deny blocks all traffic by default when there is no match(an invisible statement)
  • New entries are automatically added to the bottom
  • Can have one access list per interface per direction.
  • Removing of specific statements in ACL is not possible (need to remove entire list, then create.)

TYPES OF ACL






 

 

 

 

 

 

 

Standard ACL

  • The access list number range is 1-99
  • Can filter a network, subnet or host.
  • Two way communication is stopped.
  • All services are blocked or allowed
  • Filters traffic based only on the source address
  • Implemented closest to the destination(Guideline)

Creation:
Syntax:
Router(Config)#access-list <acl no> <permit/Deny> <source address> <source wildcard mask>
Implementation:
Router(config)#interface <interface type> <interface no>
Router(config-if)#ip access-group <number> <out/in>
 Verification:
Router#show ip access-list

 Extended Access List

  • The access-list number range is 100-199
  • Can filter a network, subnet, host and service.
  • One way communication is stopped.
  • Selected services can be blocked or allowed
  • Filters traffic based on the source address, destination address and service.
  • Implemented closest to the source(Guideline).
Creation:
syntax:
Router(config)#access-list <aclno> <permit/Deny> <protocol> <source address> <destination wildcard mask> <operator> <service>
Implementation:
Router(config)#interface <interface type> <interface no>
Router(config-if)#ip access-group <number> <out/in>
Verification:
Router(config)#show ip access-list
 Extended Access control list configuration video

Comments

Post a Comment

Popular posts from this blog

Reasoning-Number Series

Complete the following series 225,224,____,222,221 a)220         b)223         c)219           d)226 Answer: b)      2. 17,19,23,29,31,37,______     a)41               b)43         c)40           d)42    Answer: If you look at the above series they are all prime numbers, next series will be 41        3.225,196,169,____,121,100,81     a)156              b)144         c)136           d)125 Answer: above series can be written as 15^2,14^2,13^2,____,11^2,10^2,9^2. The missing series is 12^2=144.     4.12,14,15,16,18,20     a)22              b)25         c)21           d)23 Answer: consider above series into two alternate parts. Like 12,15,18,____ & 14,16,20. Then the difference of two alternate series as follows: 3,3,3___ & 2,4. Next series after 18 need to be added with 3= 18+3=21.     5.64,125,216,343,__     a)64              b)424         c)317           d)512 Answer: The above series can be written, 4^3,5^3,6^3,7^3, then the next
Read more

Reasoning-Letter Series

Question & Answers 46. abc-a--d-bcdabcd (1)d b b a        (2)d c a a        (3)a b c d     (4)d b c a 47.b-da-cda-c-abc (1)a a b b        (2)d b c a        (3)a d b c     (4)c b b d 48. a a a b -b c - - a a - (1)a b b c        (2)a c b c        (3)b a c a     (4)b c c a 49. -b a b - b c b c - c a - a b (1)a b c c         (2)a b c b        (3)a c a c     (4)a a c b 50.a b c - - c b a a - c d d c - a (1)d b d b        (2)d d b b         (3)b c a d     (4)a d b c 51.E, A _, O, I (1)E        (2)U        (3)X     (4)V 52.D , F ,G, H , J ,K , L, M , N __ (1)O        (2)Q        (3)P     (4)R 53.E, J, O , T, Y, ____ (1)D        (2)Z        (3)C     (4)E 54.G, J, N , Q, U, ____ (1)W        (2)X        (3)Y     (4)Z 55.R, K, F, C, ____ (1)Z        (2)Y        (3)W     (4)A 56. BY,CX,EV, GT, KP,____ (1)JQ        (2)MN        (3)PK     (4)LO 57.AI,EO,IU,__,UE (1)OU        (2)OI        (3)UA     (4)OA 58.AP, BQ, CR, DS, ____ (1)ET        (2)EU        (3
Read more

Multiply Negative numbers in java

For this challenge, you will be given an array and you are asked to count how many numbers are negative and multiply them and print the output to the STDOUT.  Input Format  -  you will be taking a number as an input from STDIN which tells about the length of the array. On another line, array elements should be there with single space between them.  Output Format  -  print the multiplication to the STDOUT.  Sample Test Case:   Sample Input: - 7 -8 -7 6 0 7 -1 6 Sample Output  -  -56  Explanation:   There are three negative numbers present in the array and their multiplication comes out to be -56.
Read more