Networks are exposed to security risks by unwanted and dangerous traffic flowing in and out of them. A security mechanism is needed to control the flow of traffic and to provide secure remote administrative access. This is done by permitting the traffic that is needed and restricting or denying the rest.
This article covers how Access Control Lists (ACLs) are used to control traffic flow by filtering incoming and outgoing packets. We look at the various types of access lists and go over how they are configured and applied on a router interface.
Prerequisites
To follow along with this tutorial, the reader should:
Go to this page to download and install Cisco Packet Tracer on their PC.
Terminologies
By default, no ACLs are configured on a router, so the network administrator has to configure them on each of the router's interfaces.
Access Control List operations
Once an ACL is configured on an interface, the router follows a fixed procedure to filter the traffic flowing into it through that interface.
Access Control List types
There are two types of Access Control Lists: numbered and named ACLs.
Both named and numbered ACLs are further divided into two categories, standard and extended:
Extended ACLs are numbered 100-199 and are implemented closest to the source so that they can block a selected set of services specified by the network administrator. The show access-lists command is used to display the ACLs configured on the router.
Access Control List tasks
Routers use ACLs to perform the following tasks:
Access Control List configuration
Moving on, we will learn how to create and configure standard
For instance, we could have a standard named access list called PERMIT-ACCESS.
For a numbered ACL, we use:
For instance, ACL 10 permits a particular host access to the internet.
Let's consider the Local Area Network below.
We will create one numbered ACL, ACL 20, that denies host 192.168.10.10 but permits all other hosts on network 192.168.10.0/24. Start by configuring the ACL 20 ACE that denies host 192.168.10.10 using the
Since ACL 20 only applies to traffic from LAN 1, it can be applied to the traffic entering R1's G0/0/0 interface. Enter interface G0/0/0 mode, apply ACL 20 inbound, and return to global configuration mode.
We will then create a named standard ACL that permits host 192.168.10.10 but denies all other hosts on network 192.168.20.0/24. Start by creating a standard ACL named LAN2-FILTER.
Create an ACE that permits host 192.168.10.10, and deny all other hosts using the
LAN2-FILTER is applied to the traffic leaving R1 toward LAN 2. Enter interface G0/0/1 mode, apply ACL LAN2-FILTER outbound, and return to global configuration mode.
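The two ACLs built above, as an added Python example that is not part of the original article and is not Cisco code: it parses standard ACEs written in Cisco IOS syntax (the numbered form `access-list 20 deny host 192.168.10.10` and the `permit host ...` / `deny any` form used inside a named ACL), evaluates them the way a router does (top down, first match wins, and an implicit deny for anything that matches no entry), and binds them to R1's interfaces with the same inbound/outbound placement as the article. Interface names, ACL names and the 192.168.x.x addresses are the article's; the wildcard-mask matching, the sample flows (including the outside source 10.0.0.5 and a third interface G0/0/2 with no ACL) and the `show access-lists`-style output are constructed for the example, and the explicit `deny any` in LAN2-FILTER is how the "deny all other hosts" step is modelled.

```python
import ipaddress
from dataclasses import dataclass

MASK = 0xFFFFFFFF  # 32-bit IPv4 address space


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


@dataclass
class Ace:
    """One access control entry of a standard ACL (matches on source address only)."""
    action: str      # "permit" or "deny"
    network: int     # source address/network as a 32-bit integer
    wildcard: int    # wildcard mask: 0 bit = must match, 1 bit = don't care
    hits: int = 0    # match counter, like the "(N matches)" shown by 'show access-lists'

    def matches(self, src: str) -> bool:
        keep = ~self.wildcard & MASK
        return (_ip(src) & keep) == (self.network & keep)

    def source_text(self) -> str:
        if self.wildcard == MASK:
            return "any"
        addr = str(ipaddress.IPv4Address(self.network))
        if self.wildcard == 0:
            return addr
        return f"{addr}, wildcard bits {ipaddress.IPv4Address(self.wildcard)}"


def parse_source(tokens):
    """Source part of a standard ACE: 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' | 'A.B.C.D'."""
    if tokens[0] == "any":
        return 0, MASK
    if tokens[0] == "host":
        return _ip(tokens[1]), 0
    wildcard = _ip(tokens[1]) if len(tokens) > 1 else 0
    return _ip(tokens[0]), wildcard


class StandardAcl:
    """A named or numbered standard ACL, evaluated top down, first match wins."""

    def __init__(self, name: str):
        self.name = name
        self.aces = []
        self.implicit_denies = 0   # packets that matched no ACE at all

    def add(self, line: str):
        """Accepts 'access-list 20 deny host X' (numbered) or 'deny host X' (named ACL sub-mode)."""
        tokens = line.split()
        if tokens[0] == "access-list":
            tokens = tokens[2:]          # drop 'access-list <number>'
        action, rest = tokens[0], tokens[1:]
        if action not in ("permit", "deny") or not rest:
            raise ValueError(f"not a standard ACE: {line!r}")
        network, wildcard = parse_source(rest)
        self.aces.append(Ace(action, network, wildcard))

    def evaluate(self, src: str) -> str:
        for ace in self.aces:
            if ace.matches(src):
                ace.hits += 1
                return ace.action
        self.implicit_denies += 1        # every ACL ends with an invisible 'deny any'
        return "deny"


class Router:
    """Models 'ip access-group <acl> in|out' bindings on a router's interfaces."""

    def __init__(self):
        self.inbound = {}
        self.outbound = {}

    def access_group(self, interface: str, acl: StandardAcl, direction: str):
        (self.inbound if direction == "in" else self.outbound)[interface] = acl

    def forward(self, ingress: str, egress: str, src: str) -> str:
        """Inbound ACL of the ingress interface is checked first, then the outbound ACL of the egress one."""
        for acl in (self.inbound.get(ingress), self.outbound.get(egress)):
            if acl is not None and acl.evaluate(src) == "deny":
                return "deny"
        return "permit"


def build_r1():
    """R1 as in the article: ACL 20 inbound on G0/0/0 (LAN 1), LAN2-FILTER outbound on G0/0/1 (LAN 2)."""
    acl20 = StandardAcl("20")
    acl20.add("access-list 20 deny host 192.168.10.10")
    acl20.add("access-list 20 permit 192.168.10.0 0.0.0.255")
    lan2_filter = StandardAcl("LAN2-FILTER")
    lan2_filter.add("permit host 192.168.10.10")
    lan2_filter.add("deny any")
    r1 = Router()
    r1.access_group("G0/0/0", acl20, "in")
    r1.access_group("G0/0/1", lan2_filter, "out")
    return r1, acl20, lan2_filter


def show_access_lists(*acls) -> list:
    """Counters in the style of 'show access-lists' (an approximation, not real IOS output)."""
    lines = []
    for acl in acls:
        lines.append(f"Standard IP access list {acl.name}")
        for seq, ace in enumerate(acl.aces, start=1):
            lines.append(f"    {seq * 10} {ace.action} {ace.source_text()} ({ace.hits} matches)")
    return lines


if __name__ == "__main__":
    r1, acl20, lan2_filter = build_r1()
    flows = [("G0/0/0", "G0/0/1", "192.168.10.10"),   # constructed: blocked inbound by ACL 20
             ("G0/0/0", "G0/0/1", "192.168.10.20"),   # constructed: passes ACL 20, denied by LAN2-FILTER
             ("G0/0/0", "G0/0/1", "10.0.0.5"),        # constructed: not in LAN 1, ACL 20 implicit deny
             ("G0/0/1", "G0/0/0", "192.168.20.5")]    # constructed: no ACL on this path, permitted
    for flow in flows:
        print(flow, "->", r1.forward(*flow))
    print("\n".join(show_access_lists(acl20, lan2_filter)))
```

Running the script shows the match counters climbing on the entry that decided each packet, which is the same check you make on a real router with `show access-lists` after a test ping: a counter that never moves is the quickest sign that an ACE is shadowed by an earlier entry or that the list is applied on the wrong interface or in the wrong direction.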
Conclusion
As we have seen, Access Control Lists play a crucial role in controlling traffic flow and in the network's security at large. They make the network less vulnerable to unwanted and dangerous traffic. To summarize, we have:
One can find more information about network management here. Happy coding! Peer Review Contributions by: Eric Gacoki