Access Control Lists (ACLs)
Access control lists are a traffic filtering technique used to allow or deny access to a system from a given device. The filtering rules permit or block traffic from a source to a destination.
An ACL is a list of conditions that sort traffic into what is to be denied and what is to be allowed. Once the conditions are written, they are applied to the interfaces of a router.
There are two main types of access control lists:
· Standard Access Control List
· Extended Access Control List
Standard Access Control List
A standard access control list is simpler than an extended access control list. Standard ACLs are traffic profiles that match only on IP addresses; they cannot look at ports or protocols. Standard ACLs are therefore applied as close to the destination as possible, which keeps the number of access control lists down.
· Numbered standard ACLs use the number ranges 1-99 and 1300-1999.
· Named standard ACLs work the same way as numbered standard ACLs, with the same pros and cons, but they can be given a name that reflects the purpose of the list.
ACLs are applied to an interface of a router or a Layer 3 switch. In the diagram below, if we want to block traffic from reaching the router, we write a policy list on the router and apply it to a router interface in either the in or the out direction.
Standard ACL Configuration
Several ACLs, each with its own name or number, can be configured on a router; an ACL only takes effect once it is bound to an interface. In the Packet Tracer simulation below, we have configured four VLANs, two on each switch. The PCs PC-VLAN 10 and PC-VLAN 20 ping the PCs on the right (PC-VLAN 30 and PC-VLAN 40).
Now we will implement a standard ACL on the router interface G0/0 to perform the following function:
· Allow traffic from PC-VLAN 10 to PC-VLAN 30 and block traffic from PC-VLAN 20 to PC-VLAN 30.
We have implemented the ACL below on the g0/1.30 interface to block traffic from PC-VLAN-20. Let's check whether the ACL is working. This can be verified by sending a ping from both PC-VLAN-10 and PC-VLAN-20.
Configuration on the router
PC-VLAN-10 can ping PC-VLAN-30
PC-VLAN-20 is unable to ping PC-VLAN-30
Extended Access Control List
Extended access control lists are more flexible than standard ACLs and can match on more fields. Extended ACLs can filter on:
· source and destination IP addresses
· source and destination ports
· protocols
Extended ACLs are applied close to the source of the traffic being filtered. They can be configured as either named or numbered ACLs; the number ranges are 100-199 and 2000-2699.
Now let's configure an extended ACL that performs the following function:
PC-VLAN 10 is allowed to access the web pages on the web server, and PC-VLAN 20 is not allowed to access them.
Extended ACL Router Config
We have the following configuration on the router to implement the ACL statement.
ACL verification
PC-VLAN-10 can successfully access the web pages on the server.
PC-VLAN-20 cannot access the web pages on the server.
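The two configurations above are shown in the post as screenshots. As an added example (not code from the post), the following Python script parses a small subset of the Cisco IOS numbered ACL syntax, evaluates packets against it the way a router does (first matching entry wins, and a list that matches nothing ends in an implicit deny), and keeps per-entry hit counters loosely modelled on what `show access-lists` prints. It covers both the standard ACL from the first scenario and the extended ACL from the second. Two points it makes concrete: an IOS standard ACL tests only the source address, which is why it is placed near the destination, and an extended ACL can test protocol, destination and port, which is why it can sit near the source. The addressing (VLAN n = 192.168.n.0/24, web server at 192.168.40.10), the ACL numbers 10 and 100, and the constructed packets are all assumptions made here; the post gives no subnets.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = (0, 0xFFFFFFFF)  # network 0.0.0.0 with wildcard 255.255.255.255


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "ip"           # "ip", "tcp", "udp", "icmp", ...
    dport: Optional[int] = None


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _parse_addr(tokens, i):
    """Parse `any` | `host A.B.C.D` | `A.B.C.D W.X.Y.Z` at tokens[i]; return ((net, wildcard), next_i)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (_ip(tokens[i + 1]), 0), i + 2
    net = _ip(tokens[i])
    if i + 1 < len(tokens) and tokens[i + 1][0].isdigit():
        return (net, _ip(tokens[i + 1])), i + 2
    return (net, 0), i + 1   # IOS treats a bare address in a standard ACL as a single host


def parse_entry(line):
    """Parse one `access-list N {permit|deny} ...` line into a match entry with a hit counter."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action = int(tokens[1]), tokens[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"action must be permit or deny: {line!r}")
    entry = {"text": " ".join(tokens), "action": action, "proto": "ip",
             "src": ANY, "dst": ANY, "dport": None, "matches": 0}
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        entry["src"], _ = _parse_addr(tokens, 3)      # standard ACL: source address only
    elif 100 <= number <= 199 or 2000 <= number <= 2699:
        entry["proto"] = tokens[3]                     # extended ACL: protocol, src, dst, port
        entry["src"], i = _parse_addr(tokens, 4)
        entry["dst"], i = _parse_addr(tokens, i)
        if i + 1 < len(tokens) and tokens[i] == "eq":
            entry["dport"] = int(tokens[i + 1])
    else:
        raise ValueError(f"unsupported ACL number {number}")
    return entry


def _addr_match(addr, net_wc):
    net, wc = net_wc
    care = ~wc & 0xFFFFFFFF                # a 1 bit in the wildcard means "don't care"
    return _ip(addr) & care == net & care


def evaluate(acl, pkt):
    """Return 'permit' or 'deny'. First matching entry wins; no match means the implicit deny."""
    for e in acl:
        if e["proto"] != "ip" and e["proto"] != pkt.proto:
            continue
        if not (_addr_match(pkt.src, e["src"]) and _addr_match(pkt.dst, e["dst"])):
            continue
        if e["dport"] is not None and e["dport"] != pkt.dport:
            continue
        e["matches"] += 1
        return e["action"]
    return "deny"


def show_access_list(acl):
    """Entries with hit counts, in the spirit of `show access-lists` on the router."""
    return [f"{e['text']} ({e['matches']} matches)" for e in acl]


def load_acl(config):
    return [parse_entry(line) for line in config.splitlines() if line.strip()]


# Constructed addressing (the post gives none): VLAN n -> 192.168.n.0/24, web server 192.168.40.10.
# Standard ACL for the first goal; it would be applied outbound on the VLAN 30 subinterface.
# There is deliberately no `permit any`, so any other source (e.g. VLAN 40) hits the implicit deny.
STANDARD_ACL = load_acl("""
access-list 10 deny   192.168.20.0 0.0.0.255
access-list 10 permit 192.168.10.0 0.0.0.255
""")

# Extended ACL for the second goal; it would be applied inbound, close to the source.
# Only VLAN 10's web traffic is permitted; everything else inbound falls to the implicit deny.
EXTENDED_ACL = load_acl("""
access-list 100 deny   tcp 192.168.20.0 0.0.0.255 host 192.168.40.10 eq 80
access-list 100 permit tcp 192.168.10.0 0.0.0.255 host 192.168.40.10 eq 80
""")

if __name__ == "__main__":
    print(evaluate(STANDARD_ACL, Packet("192.168.20.5", "192.168.30.5")))              # deny
    print(evaluate(EXTENDED_ACL, Packet("192.168.10.5", "192.168.40.10", "tcp", 80)))  # permit
    print("\n".join(show_access_list(STANDARD_ACL) + show_access_list(EXTENDED_ACL)))
```

The implicit deny is the thing to watch when reproducing the lab: the standard list above blocks VLAN 40 as well as VLAN 20, and the extended list blocks all non-web traffic from VLAN 10, so on a real router a trailing `permit any` (or `permit ip any any`) is needed if unrelated traffic should keep flowing. On the router itself the equivalent checks are `show access-lists`, whose match counters should climb as the pings and web requests are sent, and `show ip interface`, which confirms on which interface and in which direction each list is applied.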