Cisco Access List Configuration for Network Traffic Control

Verified

Added on 2022/08/17

AI Summary

This assignment provides a comprehensive overview of Cisco Access List (ACL) configuration, a crucial aspect of network security and traffic management in Cisco devices. It begins with an introduction to ACLs, explaining their function in controlling data traffic flow. The document details the mechanism of ACLs, including packet filtering, proxy services, and stateful inspection. It then explores the operation of ACLs, including the implicit deny rule and the different types of IPv4 and IPv6 ACLs, such as standard and extended ACLs, and also covers wildcard masking. Furthermore, the assignment outlines general guidelines for ACL configuration, including the '3 Ps' principle and the placement of ACLs for optimal efficiency. It also provides internal logic rules and verification commands for ACL implementation. The document concludes with a bibliography of relevant sources.

CISCO ACCESS LIST
CONFIGURATION
NAME OF THE STUDENT
NAME OF THE UNIVERSITY

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Overview
 Access control list is used for controlling the data traffic flow in and out
the cisco device.
 These are the lists that are built using a set of permissible or denied
actions and configured or affecting the packets that are needed to be
allowed or dropped.
 ACL are of different types and can be defined using ACL no. or using
syntax in case of named ACL.

Access List Configuration
 A standard ACL can be created for providing the router the ability to
match the traffic depending on the source address of the data traffic.
This has some limitation, but it is used is many situations.
 The command used for standard ACL is:
 Router (config)#access-list access-list-number {permit | deny} {source
[source-wildcard] | host hostname | any}
 Router (config)#ip access-list standard {access-list-name}

Mechanism
 Three types of filtering mechanism can be used:
 Packet filtering – Data flow consisting of packets of information and an
analysis is made by the firewall for analyzing the packets and sniffing
the unwanted or offensive packets depending on the set rule. The each
of the packet entering or leaving is looked depending on user defined
rules.
 Proxy service – It is used as a gateway type for hiding true network
address connected through it.
 Stateful inspection – it is used for comparing certain key parts of data
packet for the database of trusted information.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Operation of ACL
 An implicit deny is the last statement of an ACL and it is inserted
automatically at the end of ACL even it is not present physically.
 The implicit deny blocks the data traffic and due to this an ACL that
does not have any permit statement would block all the traffic.

Types of ACL in Ipv4
 Standard ACLs
 - It filters the data packet based on the source address
 Extended ACLs
 - It uses different attributes like:
 - IP address of source and destination
 - TCP and UDP ports of source and destination
 - Type of protocol or number

ACL wildcard masking
 Subnet mask and wildcard mask differs in the process of matching the
0s and 1s in binary.
 The below rules are used for matching 0s and 1s in binary:
 Mask bit 0 – It matches corresponding value of bit in the address
 Mask bit 1 – It ignores corresponding value of bit in the address
 Example for Matching Range:
Range needed to be restricted: 172.16.0.0 – 172.31.255.255
IP Address: 172.16.0.0
Wildcard Mask: 0.15.255.255

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

General Guidelines
 3 Ps
 1 ACL / protocol – An ACL is needed to be defined for a protocol that is
enabled on the interface for controlling the traffic flow
 1 ACL / direction – An ACL is needed to be in one direction at a time
that is enabled on the interface for controlling the traffic flow. For
controlling the inbound and outbound traffics two ACLs are needed to
be created
 1 ACL / interface – An ACL is needed to be applied to an interface for
controlling the traffic flow

Placement of ACLs
 The impact on efficiency is needed to be pointed out for the placement
of ACL and the following rules are needed to be followed:
 Standard ACLs – It is needed to be placed close to the destination since
the destination address is not specified.
 Extended ACLs – It is needed to be located as close as possible to the
source of the data traffic that is needed to be filtered

Internal Logic
 Rule#1:
Something that is already permitted cannot be denied
 Rule#2:
Something that has been already denied cannot be permitted
 Rule#3:
If nothing is permitted no data packet would pass
 Rule#4:
If the ACL is not applied to the interface it cannot do anything

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Verification of ACL
 The following commands can be used for application and verification of
ACL
 Access-list 1 deny host <ip-address>
 Access-list 1 permit any
 Interface g0/0
 Ip access-group 1 in
 Verification
 Show access-lists
 Show ip int g0/0

Types of IPv6 ACL
 Ipv4 ACLs
 Standard
 Named
 Numbered
 Extended
 Named
 Numbered
 Ipv6 ACLs
 Name only
 Same functionality as Ipv4 extended ACL

Bibliography
 Alani, M.M., 2017. Remote Connectivity to Cisco Router. In Guide to Cisco Routers
Configuration (pp. 207-217). Springer, Cham.
 Alani, M.M., 2017. Guide to Cisco routers configuration: becoming a router geek.
Springer.
 Hamdan, M., 2016. Cisco ASA firewall commands line technical guide.
 Hidayat, A.S., 2017. WILDCARD MASK SEBAGAI FILTERING IP ADDRESS
MENGGUNAKAN METODE ACCESS LIST CONTROL PADA ROUTER CISCO. Jurnal Teknik
Komputer, 3(1), pp.60-73.
 Hossain, M., 2018. Cisco Certified Network Associate (CCNA).
 Suman, S. and Agrawal, E.A., 2016. IP traffic management with access control list
using cisco packet tracer. International Journal of Science, Engineering and
Technology Research (IJSETR) Volume, 5, pp.1556-1561.