Access Control List (ACL)

Access Control List

  • The earliest method of providing network security.
  • Provides Layer 3 and Layer 4 security.
  • Controls the flow of traffic from one network to another.
  • Filters packets (packet-filtering firewall).

Terminologies

  1. Deny: blocking a network/subnet/host/service.
  2. Permit: allowing a network/subnet/host/service.
  3. Source Address: the address from which the request originates.
  4. Destination Address: the address to which the request is sent.
  5. Inbound: traffic coming into the interface.
  6. Outbound: traffic going out of the interface.
  7. Protocols:
  • IP (Internet Protocol)
  • TCP (Transmission Control Protocol)
  • UDP (User Datagram Protocol)
  • ICMP (Internet Control Message Protocol)
  8. Operators:
  • eq (equal to)
  • neq (not equal to)
  • lt (less than)
  • gt (greater than)
  9. Services: HTTP (80), FTP (20, 21), TELNET (23), DNS (53), DHCP (67, 68)

Wildcard Mask

  1. Tells the router which address bits must match the address given in the ACL statement.
  2. It is the inverse of the subnet mask, hence it is also called the inverse mask.
  3. A bit value of '0' means the corresponding address bit must match.
  4. A bit value of '1' means the corresponding address bit is ignored.
  5. The wildcard mask for a single host is always 0.0.0.0.

Working of ACL

  • Entries are processed in sequential order from top to bottom.
  • Once a match is found, no further entries are checked.
  • There should be at least one permit statement.
  • An implicit deny (an invisible statement at the end of the list) blocks all traffic that matches no entry.
  • New entries are automatically added to the bottom of the list.
  • There can be one access list per interface per direction.
  • Specific statements cannot be removed from the ACL (the entire list must be removed and then re-created).

TYPES OF ACL

Standard ACL

  • The access list number range is 1-99
  • Can filter a network, subnet or host.
  • Two-way communication is stopped.
  • All services are blocked or allowed.
  • Filters traffic based only on the source address.
  • Implemented closest to the destination (guideline).

Creation:
Syntax:
Router(config)#access-list <acl no> <permit|deny> <source address> <source wildcard mask>
Implementation:
Router(config)#interface <interface type> <interface no>
Router(config-if)#ip access-group <number> <in|out>
Verification:
Router#show ip access-list

Extended Access List

  • The access-list number range is 100-199.
  • Can filter a network, subnet, host and service.
  • One-way communication is stopped.
  • Selected services can be blocked or allowed.
  • Filters traffic based on the source address, destination address and service.
  • Implemented closest to the source (guideline).
Creation:
Syntax:
Router(config)#access-list <acl no> <permit|deny> <protocol> <source address> <source wildcard mask> <destination address> <destination wildcard mask> <operator> <service>
Implementation:
Router(config)#interface <interface type> <interface no>
Router(config-if)#ip access-group <number> <in|out>
Verification:
Router#show ip access-list
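To see the wildcard-mask rules, the top-to-bottom first-match processing and the implicit deny working together, here is an added example that is not part of these notes or of Cisco IOS: a small Python model that parses numbered standard and extended access-list lines in the syntax shown above and evaluates constructed packets against them. The ACL entries and the packet dictionaries (keys src, dst, proto, dport) are assumed sample values.

```python
import ipaddress, operator
PORT_OPS = {"eq": operator.eq, "neq": operator.ne, "lt": operator.lt, "gt": operator.gt}

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = must match, bit 1 = ignore (the inverse of a subnet mask)."""
    ip = lambda s: int(ipaddress.IPv4Address(s))
    care = 0xFFFFFFFF ^ ip(wildcard)          # bits the router actually compares
    return ip(addr) & care == ip(base) & care

def parse_acls(text):
    """Group 'access-list <no> <permit|deny> ...' lines by list number."""
    acls = {}
    for line in text.strip().splitlines():
        t = line.split()
        number, rule = int(t[1]), {"action": t[2]}
        if 1 <= number <= 99:                  # standard: source address + wildcard only
            rule["src"] = (t[3], t[4])
        elif 100 <= number <= 199:             # extended: protocol, source, destination, service
            rule.update(proto=t[3], src=(t[4], t[5]), dst=(t[6], t[7]))
            if len(t) >= 10:                   # optional <operator> <port>
                rule.update(op=t[8], port=int(t[9]))
        else:
            raise ValueError(f"unsupported access-list number {number}")
        acls.setdefault(number, []).append(rule)   # new entries always go to the bottom
    return acls

def matches(rule, pkt):
    if not wildcard_match(pkt["src"], *rule["src"]):
        return False
    if "dst" not in rule:                      # standard ACL: source is the only criterion
        return True
    return (wildcard_match(pkt["dst"], *rule["dst"])
            and rule["proto"] in ("ip", pkt["proto"])
            and ("op" not in rule or PORT_OPS[rule["op"]](pkt["dport"], rule["port"])))

def evaluate(rules, pkt):
    """pkt: dict with src, dst, proto, dport. Top to bottom, first match wins, else implicit deny."""
    for index, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule["action"], index       # (decision, matching entry number)
    return "deny", None                        # the invisible 'deny any' at the end

# Constructed sample configuration (not from the notes) using the creation syntax above.
ACLS = parse_acls("""
access-list 10 deny 192.168.1.10 0.0.0.0
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 101 deny tcp 10.0.0.0 0.0.0.255 172.16.0.5 0.0.0.0 eq 23
access-list 101 permit ip 10.0.0.0 0.0.0.255 172.16.0.0 0.0.255.255
""")
```

Note that a host outside 192.168.1.0/24 is denied by ACL 10 even though no entry names it, which is the implicit deny in action.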
