Cisco & Cisco Network Hardware News and Technology

Cisco Access Control Lists (ACLs)

February 13, 2014. Written by Cisco & Cisco Router, Network Switch. Published in #Cisco & Cisco Network

Access control lists (ACLs) can be used for two purposes on Cisco devices: to filter traffic and to identify traffic.

Cisco provides basic traffic filtering capabilities with access control lists (also referred to as access lists). Access lists can be configured for all routed network protocols (IP, AppleTalk, and so on) to filter the packets of those protocols as the packets pass through a router.

You can configure access lists at your router to control access to a network: access lists can prevent certain traffic from entering or exiting a network.

Access lists filter network traffic by controlling whether routed packets are forwarded or blocked at the router's interfaces. Your router examines each packet to determine whether to forward or drop the packet, on the basis of the criteria you specified within the access lists.

Access list criteria could be the source address of the traffic, the destination address of the traffic, the upper-layer protocol, or other information.

Note that sophisticated users can sometimes successfully evade or fool basic access lists because no authentication is required.

Why do you need to configure Cisco ACLs? For example, you can use access lists to restrict contents of routing updates or to provide traffic flow control. One of the most important reasons to configure access lists is to provide security for your network.

You should use access lists to provide a basic level of security for accessing your network. If you do not configure access lists on your router, all packets passing through the router could be allowed onto all parts of your network.

Access lists can allow one host to access a part of your network and prevent another host from accessing the same area. In the following figure, host A is allowed to access the Human Resources network, and host B is prevented from accessing the Human Resources network.

[Figure: Using traffic filters to prevent traffic from being routed]

You can also use access lists to decide which types of traffic are forwarded or blocked at the router interfaces. For example, you can permit e-mail traffic to be routed, but at the same time block all Telnet traffic.

Access lists should be used in "firewall" routers, which are often positioned between your internal network and an external network such as the Internet. You can also use access lists on a router positioned between two parts of your network, to control traffic entering or exiting a specific part of your internal network.

To provide the security benefits of access lists, you should at a minimum configure access lists on border routers—routers situated at the edges of your networks. This provides a basic buffer from the outside network, or from a less controlled area of your own network into a more sensitive area of your network.

On these routers, you should configure access lists for each network protocol configured on the router interfaces. You can configure access lists so that inbound traffic or outbound traffic or both are filtered on an interface.

Access lists must be defined on a per-protocol basis. In other words, you should define access lists for every protocol enabled on an interface if you want to control traffic flow for that protocol.
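
The two scenarios described above (host A allowed and host B blocked toward Human Resources, and e-mail permitted while Telnet is blocked at the border) can be written as IOS extended named access lists. This is an added example, not configuration from the original article or from Cisco's guide; every address, interface name and ACL name in it is a constructed assumption.

```cisco
! Added example. All values below are constructed assumptions:
!   Human Resources network  192.168.20.0/24, reached via GigabitEthernet0/1
!   Host A                   192.168.10.10  (allowed into HR)
!   Host B                   192.168.10.20  (blocked from HR)
!   Mail server              192.0.2.25     (documentation address)
!   Border interface         GigabitEthernet0/0 (faces the outside network)
!
! --- Scenario 1: per-host access to the Human Resources network ---
ip access-list extended HR-FILTER
 remark Host A may reach the Human Resources network
 permit ip host 192.168.10.10 192.168.20.0 0.0.0.255
 remark Host B may not; "log" records each denied attempt
 deny   ip host 192.168.10.20 192.168.20.0 0.0.0.255 log
 ! Entries are checked top-down and the first match wins.
 ! Anything not matched above is dropped by the implicit
 ! "deny ip any any" that ends every IP access list.
!
interface GigabitEthernet0/1
 description Link to Human Resources network
 ! Filter packets as they are forwarded out toward HR
 ip access-group HR-FILTER out
!
! --- Scenario 2: filter by traffic type on the border router ---
ip access-list extended EDGE-IN
 remark Block all Telnet; explicit so hits are counted and logged
 deny   tcp any any eq telnet log
 remark Permit e-mail (SMTP) to the mail server only
 permit tcp any host 192.0.2.25 eq smtp
 ! No other inbound traffic is permitted (implicit deny).
!
interface GigabitEthernet0/0
 description Link to external network
 ! Filter packets as they arrive from the outside
 ip access-group EDGE-IN in
!
! Verification from privileged EXEC mode:
!   show ip access-lists                  (per-entry match counters)
!   show ip interface GigabitEthernet0/1  (ACL bound in each direction)
```

Because these lists match only on addresses and ports, they inherit the limitation noted earlier: a packet with a forged source address of host A is treated as host A.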

Full guide to Cisco access lists: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfacls.html
