CISCO Access Control List Configuration

Verified

Added on 2022/08/17

AI Summary

The command used for standard ACL is: Router ( config )#access-list access-list-number permit | deny source [source-wildcard] | host hostname | any Router ( config )# i p access-list standard access-list-name M echanism Three types of filtering mechanism can be used: Packet filtering – Data flow consisting of packets of information and an analysis is made by the firewall for analyzing the packets

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

CISCO ACCESS LIST
CONFIGURATION
NAME OF THE STUDENT
NAME OF THE UNIVERSITY

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Overview
 Access control list is used for controlling the data traffic flow in and out
the cisco device.
 These are the lists that are built using a set of permissible or denied
actions and configured or affecting the packets that are needed to be
allowed or dropped.
 ACL are of different types and can be defined using ACL no. or using
syntax in case of named ACL.

Access List Configuration
 A standard ACL can be created for providing the router the ability to
match the traffic depending on the source address of the data traffic.
This has some limitation, but it is used is many situations.
 The command used for standard ACL is:
 Router (config)#access-list access-list-number {permit | deny} {source
[source-wildcard] | host hostname | any}
 Router (config)#ip access-list standard {access-list-name}

Mechanism
 Three types of filtering mechanism can be used:
 Packet filtering – Data flow consisting of packets of information and an
analysis is made by the firewall for analyzing the packets and sniffing
the unwanted or offensive packets depending on the set rule. The each
of the packet entering or leaving is looked depending on user defined
rules.
 Proxy service – It is used as a gateway type for hiding true network
address connected through it.
 Stateful inspection – it is used for comparing certain key parts of data
packet for the database of trusted information.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Operation of ACL
 An implicit deny is the last statement of an ACL and it is inserted
automatically at the end of ACL even it is not present physically.
 The implicit deny blocks the data traffic and due to this an ACL that
does not have any permit statement would block all the traffic.

Types of ACL in Ipv4
 Standard ACLs
 - It filters the data packet based on the source address
 Extended ACLs
 - It uses different attributes like:
 - IP address of source and destination
 - TCP and UDP ports of source and destination
 - Type of protocol or number

ACL wildcard masking
 Subnet mask and wildcard mask differs in the process of matching the
0s and 1s in binary.
 The below rules are used for matching 0s and 1s in binary:
 Mask bit 0 – It matches corresponding value of bit in the address
 Mask bit 1 – It ignores corresponding value of bit in the address
 Example for Matching Range:
Range needed to be restricted: 172.16.0.0 – 172.31.255.255
IP Address: 172.16.0.0
Wildcard Mask: 0.15.255.255

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

General Guidelines
 3 Ps
 1 ACL / protocol – An ACL is needed to be defined for a protocol that is
enabled on the interface for controlling the traffic flow
 1 ACL / direction – An ACL is needed to be in one direction at a time
that is enabled on the interface for controlling the traffic flow. For
controlling the inbound and outbound traffics two ACLs are needed to
be created
 1 ACL / interface – An ACL is needed to be applied to an interface for
controlling the traffic flow

Placement of ACLs
 The impact on efficiency is needed to be pointed out for the placement
of ACL and the following rules are needed to be followed:
 Standard ACLs – It is needed to be placed close to the destination since
the destination address is not specified.
 Extended ACLs – It is needed to be located as close as possible to the
source of the data traffic that is needed to be filtered

Internal Logic
 Rule#1:
Something that is already permitted cannot be denied
 Rule#2:
Something that has been already denied cannot be permitted
 Rule#3:
If nothing is permitted no data packet would pass
 Rule#4:
If the ACL is not applied to the interface it cannot do anything

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Verification of ACL
 The following commands can be used for application and verification of
ACL
 Access-list 1 deny host <ip-address>
 Access-list 1 permit any
 Interface g0/0
 Ip access-group 1 in
 Verification
 Show access-lists
 Show ip int g0/0

Types of IPv6 ACL
 Ipv4 ACLs
 Standard
 Named
 Numbered
 Extended
 Named
 Numbered
 Ipv6 ACLs
 Name only
 Same functionality as Ipv4 extended ACL

Bibliography
 Alani, M.M., 2017. Remote Connectivity to Cisco Router. In Guide to Cisco Routers
Configuration (pp. 207-217). Springer, Cham.
 Alani, M.M., 2017. Guide to Cisco routers configuration: becoming a router geek.
Springer.
 Hamdan, M., 2016. Cisco ASA firewall commands line technical guide.
 Hidayat, A.S., 2017. WILDCARD MASK SEBAGAI FILTERING IP ADDRESS
MENGGUNAKAN METODE ACCESS LIST CONTROL PADA ROUTER CISCO. Jurnal Teknik
Komputer, 3(1), pp.60-73.
 Hossain, M., 2018. Cisco Certified Network Associate (CCNA).
 Suman, S. and Agrawal, E.A., 2016. IP traffic management with access control list
using cisco packet tracer. International Journal of Science, Engineering and
Technology Research (IJSETR) Volume, 5, pp.1556-1561.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1 out of 14

CISCO Access Control List Configuration

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Configuring and Testing Network Devices

Addressing Scheme and Basic Configuration for Campus Network

Cisco Router Network Configuration

ZZZ Network Security Implementation

Site ZZZ Network Security Implementation

Configuring TCP/IP Network with Cisco Packet Tracer

+13062052269

info@desklib.com