Access Control List (ACLs)

From Mycomputer Notes


Revision as of 04:31, 10 September 2006

Routers provide basic traffic filtering capabilities, such as blocking Internet traffic, with access control lists (ACLs). An ACL is a sequential collection of permit or deny statements that apply to addresses or upper-layer protocols.

ACLs are lists of instructions you apply to a router's interface. These lists tell the router what kinds of packets to accept and what kinds of packets to deny. Acceptance and denial can be based on criteria such as:

  • Source address
  • Destination address
  • Port number

An ACL can be created for all routed protocols to filter packets as they pass through a router. ACLs can be configured at the router to control access to a network or subnet. ACLs filter network traffic by controlling whether routed packets are forwarded or blocked at the router's interfaces. The router examines each packet to determine whether to forward or drop it, based on the conditions specified in the ACL (source address, destination address, upper-layer protocol, or other information). ACLs must be defined on a per-protocol basis. In other words, you must define an ACL for every protocol enabled on an interface if you want to control traffic flow for that interface.

How ACLs Work

An ACL is a group of statements that defines how packets:

  • Enter inbound interfaces
  • Relay through the router
  • Exit outbound interfaces of the router.

ACL Process Flow

ACL statements operate in sequential, logical order. If a condition match is true, the packet is permitted or denied and the rest of the ACL statements are not checked. If none of the ACL statements match, an implicit "deny any" statement is imposed. This means that even though you will not see "deny any" as the last line of an ACL, it is there. If the frame entering the router interface matches the first test, the packet is denied access to the destination: it is discarded, dropped into the bit bucket, and not exposed to any ACL tests that follow. If the packet does not match the conditions of the first test, it drops to the next statement in the ACL.

ACL Flowchart test matching

Creating ACLs

An ACL is created in global configuration mode:

Router>enable
Router#configure terminal
Router(config)#

When ACLs are configured on a router, each ACL must have a unique identification number assigned to it. This number identifies the type of access list created and must fall within the specific range of numbers that is valid for that type of list.

After the above commands have been entered, the type of ACL (standard or extended) needs to be specified; the administrator then enters the access-list statement using the keyword access-list followed by the proper parameters. The next step is to assign the ACL to the proper interface.

ACL Range
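As an added example (not code from the original page), the following Python model ties together the creation steps and the process flow described above: it checks a numbered ACL's identifier against the standard and extended number ranges, parses standard access-list statements in the order they are entered, and evaluates a source address with first-match semantics ending in the implicit deny. The numbered ranges and the sample statements are assumptions constructed for the example, not taken from the page.

```python
import ipaddress

# Cisco IOS numbered ACL ranges (standard vs. extended); assumed here, not
# taken from the page's "ACL Range" figure.
ACL_RANGES = {
    "standard": [(1, 99), (1300, 1999)],
    "extended": [(100, 199), (2000, 2699)],
}

def acl_type(number):
    """Return 'standard' or 'extended' for a numbered ACL, else raise."""
    for kind, ranges in ACL_RANGES.items():
        if any(lo <= number <= hi for lo, hi in ranges):
            return kind
    raise ValueError(f"ACL number {number} is outside every valid range")

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny (any | host A | A WILDCARD)' lines,
    keeping their order, into (action, address, wildcard) integer triples."""
    entries = []
    for line in lines:
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue                      # not an ACL statement; ignore it
        number, action = int(tokens[1]), tokens[2]
        if acl_type(number) != "standard":
            raise ValueError(f"access-list {number} is not a standard ACL")
        if tokens[3] == "any":
            addr, wildcard = "0.0.0.0", "255.255.255.255"
        elif tokens[3] == "host":
            addr, wildcard = tokens[4], "0.0.0.0"
        else:                             # explicit address plus wildcard mask
            addr = tokens[3]
            wildcard = tokens[4] if len(tokens) > 4 else "0.0.0.0"
        entries.append((action, int(ipaddress.ip_address(addr)),
                        int(ipaddress.ip_address(wildcard))))
    return entries

def evaluate(entries, src_ip):
    """Sequential first match: the first statement whose address bits match
    (wildcard 1-bits are ignored) decides, and later statements are skipped.
    No match at all falls through to the implicit 'deny any'."""
    src = int(ipaddress.ip_address(src_ip))
    for position, (action, addr, wildcard) in enumerate(entries, start=1):
        if ((src ^ addr) & ~wildcard & 0xFFFFFFFF) == 0:
            return action, position
    return "deny", None

# Constructed sample ACL: a deny for one host placed before a broader permit,
# which is exactly the case where statement order matters.
SAMPLE_ACL = [
    "access-list 10 deny host 192.168.1.50",
    "access-list 10 permit 192.168.1.0 0.0.0.255",
]
```

Swapping the two sample statements would let the permit match first and silently defeat the host deny, which is why the order of entry is part of the configuration step.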