Which type of access list limits the description of traffic by source address?
Networks are exposed to security risks through unwanted and dangerous traffic, both incoming and outgoing. A security mechanism is needed to control the flow of traffic and to provide secure remote administrative access; we get this by permitting the traffic we need and denying the rest. This article covers how Access Control Lists (ACLs) can be used to control traffic flow by filtering incoming and outgoing packets. We will look at the different types of access lists and go over how they are configured on a router interface.
Prerequisites
To follow along with this tutorial, the reader should:
Go to this page to download and install the Cisco Packet Tracer on your PC.
Terminologies
By default, no ACLs are configured on a router, so the network administrator has to configure them on each of the router's interfaces.
Access Control List operations
Once a particular ACL is configured on an interface, it follows an operational procedure to filter the traffic flowing into the router.
Access Control List types
There are two types of Access Control Lists: numbered and named ACLs.
Both the named and numbered ACLs are divided into two categories:
They range from 100-199 and are implemented closest to the source to block a selected set of services specified by the network administrator. The show access-lists command displays the ACLs currently configured on the router.
Access Control List tasks
Routers use ACLs to perform the following tasks:
Access Control List configuration
Moving on, we will learn how to create and configure standard ACLs.
For instance, we have an access list called PERMIT-ACCESS of the standard type.
For the numbered ACL, we use:
For instance, we have created ACL 10, which permits a particular host to reach the internet.
Let's consider the Local Area Network below. We will create one numbered ACL, ACL 20, that denies host 192.168.10.10 but permits all other hosts on network 192.168.10.0/24. Start by configuring the ACL 20 ACE that denies the host 192.168.10.10, then add the entry that permits all other hosts.
Since ACL 20 only applies to traffic from LAN 1, the ACL can be applied to the incoming traffic on R1's G0/0/0 interface. Enter interface G0/0/0 mode, apply ACL 20 inbound and return to global configuration mode.
We will then create a named standard ACL that permits host 192.168.10.10 but denies all other hosts on network 192.168.20.0/24. Start by creating a named standard ACL named LAN2-FILTER.
Create an ACE that permits host 192.168.10.10, and then deny all other hosts.
LAN2-FILTER will be applied to the outgoing traffic towards LAN 2. Enter interface G0/0/1 mode, apply ACL LAN2-FILTER outbound and return to global configuration mode.
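To make the evaluation behind the two ACLs above concrete, here is a small model of how a standard ACL is processed, added as an example (it is not part of the tutorial and not Cisco's code): entries are checked top-down, the first match decides, only the source address is examined, and an unmatched packet hits the implicit deny. The sample source addresses are constructed, and the final call shows the ordering pitfall where a network-wide permit placed before the host deny would let 192.168.10.10 through.

```python
import ipaddress

# Added example: a model of Cisco-style *standard* ACL evaluation.
# ACEs are checked top-down, the first match decides, and a packet that
# matches nothing hits the implicit "deny any" at the end of every ACL.

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, network, wildcard):
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is 'don't care'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(network) & care)

def host(ip):
    return (ip, "0.0.0.0")               # 'host x.x.x.x' == wildcard 0.0.0.0

ANY = ("0.0.0.0", "255.255.255.255")     # 'any' == match every address

def evaluate(acl, src):
    """Return 'permit' or 'deny' for a packet with source address src."""
    for action, (network, wildcard) in acl:
        if wildcard_match(src, network, wildcard):
            return action                # first matching ACE wins
    return "deny"                        # implicit deny at the end of the ACL

# The two ACLs from the tutorial as (action, (network, wildcard)) entries.
ACL_20 = [
    ("deny", host("192.168.10.10")),
    ("permit", ("192.168.10.0", "0.0.0.255")),
]
LAN2_FILTER = [
    ("permit", host("192.168.10.10")),
    ("deny", ANY),
]

def filter_sources(acl, sources):
    """Apply the ACL to each source address, returning {src: decision}."""
    return {src: evaluate(acl, src) for src in sources}

# Constructed sample traffic: the blocked host, a LAN 1 neighbour, an outsider.
SAMPLE_SOURCES = ["192.168.10.10", "192.168.10.25", "10.0.0.7"]

if __name__ == "__main__":
    print("ACL 20 (in on G0/0/0):", filter_sources(ACL_20, SAMPLE_SOURCES))
    print("LAN2-FILTER (out on G0/0/1):", filter_sources(LAN2_FILTER, SAMPLE_SOURCES))
    # Ordering pitfall: with the two ACEs swapped, the network permit matches
    # 192.168.10.10 first and the intended deny is never reached.
    print("reversed ACL 20 ->", evaluate(list(reversed(ACL_20)), "192.168.10.10"))
```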
Conclusion
As we have seen, Access Control Lists play a crucial role in controlling traffic flow and in the network's security at large, making the network less exposed to unwanted and dangerous traffic.
Extended ACL
An extended access list is widely used because it can differentiate IP traffic in detail. It matches on both source and destination IP addresses as well as port numbers, so you can specify exactly which IP traffic should be allowed or denied. Extended ACLs use the numbers 100-199 and 2000-2699.
What are the limitations of access control lists?
Implementations explored are access matrices, access control lists (ACLs), capability lists, role-based transactions and domain types. Limitations covered include scalability, sparse matrices, the "safety" problem, complexity, maintenance, and development costs.
Which ACL is used for filtering traffic based on source IP only?
MAC ACLs are used to filter traffic on a specific source MAC address or range of MAC addresses. MAC ACLs can be either named or numbered, with valid numbers in the range of 700-799 and 1200-1299. Standard ACLs permit or deny traffic based only on the source IP address of the packet.
Which type of access list limits the description of traffic by source address?
Standard access lists can filter only on the source address. Extended access lists can filter ICMP, IGMP, or IP protocols at the Network layer, and ICMP can be filtered based on the specific message type.