Full Explanation Of Access Control List (ACL)

Access Control Lists (ACL) is very powerful security feature of Cisco IOS. We can simply attribute ACL as a check point on our network.

By using Access Control Lists (ACL), we can deny unwanted access to the network while allowing internal users appropriate access to necessary services.

Access Control Lists (ACL) are a set of commands, grouped together (by a number or name), that are used to filter traffic entering or leaving an interface. Access Control Lists (ACL) commands define which traffic is permitted and which is denied.

We have to bear in mind that an Access Control Lists (ACL) is a group of statements that define whether packets are accepted or rejected coming into an interface or leaving an interface.

Access Control Lists (ACL) statements operate in sequential, logical order. If a condition match is true, the packet is permitted or denied and the rest of the Access Control Lists (ACL) statements are not checked.

 If all the Access Control Lists (ACL) statements are unmatched, an implicit “deny any” statement is placed at the end of the list by default. Access list statements operate in sequential, logical order and they evaluate packets from the top down.

Once there is an access list statement match, the packet skips the rest of the statements. If a condition match is true, the packet is permitted or denied.

You should remember that there is an implicit “deny any” at the end of every Access Control Lists (ACL).

We can classify Access Control Lists (ACL) as

• Numbered and Named Access Control Lists (ACL): A Numbered ACL is assigned a unique number among all Access Control Lists (ACL), but a Named Access Control Lists (ACL) is identified by a unique name.

• Standard and Extended Access Control Lists (ACL): Standard IP Access Control Lists (ACL) can be used filter traffic only based on the source IP address of the IP datagram packet. An extended Access Control Lists (ACL) can be used to filter traffic based on Source IP address, Destination IP address, Protocol (TCP, UDP etc), Port Numbers etc.

The following table shows the Access Control Lists (ACL) Types and related Numbers which can be used to number an Access Control Lists (ACL)

Access Control Lists (ACL) Type Access Control Lists (ACL) Numbers
IP Standard 1–99, 1300–1999
IP Extended 100–199, 2000–2699

This above table means that if you want to create a standard IP Access Control List (ACL) use an Access Control List (ACL) number between 1–99 or 1300–1999.

If you want to create an extended IP Access Control List (ACL) use an Access Control List (ACL) number between 100–199 or 2000–2699.

Leave a Reply

Your email address will not be published. Required fields are marked *