ACL (Access Control List)

acl-access-control-lists 2

ACL (Access Control List) is a list of rules that specifies which users or systems are allowed access to a particular object or system resource. It can simply be defined as a set of instructions to filter inbound and outbound traffic on an interface.

 

Access Control List Overview and Access List Concepts

Access Control List carries out a packet identification mechanism and can also identify packets on the basis of Layer 3 and Layer header. Each access list is composed of one or more ACEs (Access Control Entries) and each ACE is assigned a sequence number. ACEs are processed in sequential order until a match is found. Primarily some of the Access List concepts available are Plan, List, and Apply

 

Types of Access Control List (ACL)

There are 3 types of Access-list: Standard Access List, Extended Access List and Named Access List.

 

Standard Access Control Lists (ACLs)

Standard ACLs identify traffic based on Layer-3 header and only the source IP address is checked. The range is from 1 through 99

standard-access-control-list-1                                                            standard-access-control-list-2

 

Configuring, Applying, and Verifying Standard ACL

Below illustrates how we can configure, pair and verify Standard ACL:

  • Configuration Command:

Router(config)#access-list<#> <permit | deny> host <source address>

 

  • Pairing ACLs with access groups:

Router(config)#ip access-group <#> <in | out>

 

  • Verification commands:

Router# show ip access-list

Router# show run | include access-list

 

Extended Access Control Lists (ACLs)

Extended ACLs filter traffic based on Layer-3 and Layer-4 headers. Source and demonstration IP and port numbers can be checked and the range is from 100 through 199

extended-access-control-list-1

 

Configuring, Applying and Verifying Extended Access Control List (ACL)

  • Configuration Command:
  • Router(config)#access-list<#> <permit | deny> <protocol> <source address> <wildcard mask> <destination address> <wildcard mask> <port numbers>

 

  • Pairing ACLs with access groups:
  • Router(config)#ip access-group <#> <in | out>

 

  • Verification commands:
  • Router# show ip access-list
  • Router# show run | include access-list

 

Named Access Control Lists (ACLs)

  • Individual statements can be edited, unlike numbered ACLs

 

  • Configuring standard named ACL:

Router(config)#ip access-list standard <name>

Router(config-std-acl)# <permit | deny> <source address>

 

  • Configuring extended named ACL:

Router(config)#ip access-list standard <name>

Router(config)#access-list<#> <permit | deny> <protocol> <source address> <wildcard mask> <destination address> <wildcard mask> <port numbers>

  • Pairing ACLs with access groups:

Router(config)#ip access-group <#> <in | out>

 

ACL (Access Control Lists) – Online Quiz CCNA

 

-End-

 

You might also be interested in our free Online Quizzes on all IT topics including Cisco CCNA, Cyber Security, Python Programming, Linux & Ethical Hacking:

Free Online Quizzes (Best for Cisco CCNA, Huawei HCNA, N+)

You can also view free study notes (Cheat sheets) for long term memory:

Networkwalks Summary Cheatsheets

Follow our Facebook Page & YouTube Channel for more updated Cheatsheets & Quizzes:

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments