Access control lists (ACLs) allow network administrators to control network access by denying unwanted traffic while permitting necessary internal access. ACLs provide more flexible traffic filtering than general security tools through lists that sequentially permit or deny addresses, protocols, ports and other criteria. For example, an administrator can use an ACL to allow user Internet access but block external telnet access to the internal network. Standard ACLs filter based on source IP addresses and are applied near destinations, while extended ACLs can also filter destination addresses, protocols and port numbers and are applied near sources.

1. Access Control Lists (ACLs)
By Faiza Akram

2. ACL
• Network administrators must figure out how to deny unwanted
access to the network while allowing internal users appropriate
access to necessary services.
• Although security tools, such as passwords, callback equipment, and
physical security devices are helpful, they often lack the flexibility of
basic traffic filtering and the specific controls most administrators
prefer.

3. • For example, a network administrator may want to allow user access
to the Internet, but not permit external users telnet access into the
LAN.
• Routers provide basic traffic filtering capabilities, such as blocking
Internet traffic, with access control lists (ACLs).
• An ACL is a sequential list of permit or deny statements that apply to
addresses or upper-layer protocols.

4. Types of ACLs
Standard ACLs (1-99)
• Can only filter on source IP addresses
• Applied near to destination
Extended ACLs (100-199)
• Can filter on:
• Source IP address
• Destination IP address
• Protocol (TCP,UDP)
• Port Number (Telnet –23, http –80,etc.)
• Applied near to source

5. ACL Operation

6. What is wildcard mask