Raghu Kiran, profile picture
Uploaded byRaghu Kiran
PPT, PDF5,656 views

Acl

- Access control lists (ACLs) allow or deny network traffic passing through a router based on source and destination IP addresses, protocols, and port numbers. - There are two main types of ACLs: standard ACLs which filter based on source IP addresses, and extended ACLs which filter on source/destination IP addresses, protocols, and port numbers. - ACLs can be numbered or named, with named ACLs allowing selective editing of statements not possible with numbered ACLs.

Embed presentation

Downloaded 410 times
• ACL is a set of rules which will allow or deny the specific traffic moving through the router • It is a Layer 3 security which controls the flow of traffic from one router to another. • It is also called as Packet Filtering Firewall. Access Control List
Types of Access-list ACCESS-LIST NUMBERED NAMED STANDARD EXTENDED STANDARD EXTENDED
Standard Access List • The access-list number range is 1 – 99 • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. • Filtering is done based on only source IP address • The access-list number range is 100 – 199 • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. • Checks source, destination, protocol, port no Extended Access List
• Deny : Blocking a Network/Host/Subnet/Service • Permit : Allowing a Network/Host/Subnet/Service • Source Address : The address of the PC from where the request starts. • Destination address : The address of the PC where the request ends. • Inbound : Traffic coming into the interface • Outbound : Traffic going out of the interface Terminology
• All deny statements have to be given First • There should be at least one Permit statement • An implicit deny blocks all traffic by default when there is no match (an invisible statement). • Can have one access-list per interface per direction. (i.e.) Two access-list per interface, one in inbound direction and one in outbound direction. • Works in Sequential order • Editing of access-lists is not possible (i.e) Selectively adding or removing access-list statements is not possible. Rules of Access List
• Tells the router which addressing bits must match in the address of the ACL statement. • It’s the inverse of the subnet mask, hence is also called as Inverse mask. • A bit value of 0 indicates MUST MATCH (Check Bits) • A bit value of 1 indicates IGNORE (Ignore Bits) • Wild Card Mask for a Host will be always 0.0.0.0 Wild Card Mask
• A wild card mask can be calculated using the formula : Global Subnet Mask – Customized Subnet Mask ------------------------------- Wild Card Mask E.g. 255.255.255.255 – 255.255.255.240 --------------------- 0. 0. 0. 15 Wild Card Mask
Network Diagram E0 10.1.1.1/8 HYD LAN – 10.0.0.0/8 E0 20.1.1.1/8 KSA LAN – 20.0.0.0/8 E0 30.1.1.1/8 UAE LAN – 30.0.0.0/8 1.1.1.1/8 S0 S1 1.1.1.2/8 2.2.2.1/8 S0 S1 2.2.2.2/8
• The access-list number range is (1–99) & (1600- 1999) • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. • Filtering is done based on only source IP address Standard Access List
Creation of Standard Access List (config)# access-list <acl no> <permit/deny> <source add> <source WCM> Implementation of Standard Access List (config)# interface <interface type> <interface no> (config-if)# ip access-group <number> <out/in> To Verify : # show access-list # show access-list <no>
• The access-list number range is (100 – 199) • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. • Checks source, destination, protocol, port no. Extended Access List
IP TCP HTTP TELNET FTP SMTP UDP DNS TFTP DHCP NNTP ICMP PING TRACEROUTE
Operators : eq (equal to) neq (not equal to) lt (less than) gt (greater than)
Creation of Extended Access List (config)# access-list <acl no> <permit/deny> <protocol> <source add> <source WCM> <destination add> < destination WCM> <operator> <service> Implementation of Extended Access List (config)# interface <interface type> <interface no> (config-if)# ip access-group <number> <out/in>
• Access-lists are identified using Names rather than Numbers. • Names are Case-Sensitive • No limitation of Numbers here. • One Main Advantage is Editing of ACL is Possible (i.e) Removing a specific statement from the ACL is possible. (IOS version 11.2 or later allows Named ACL) Named Access List
Standard Named Access List Creation of Standard Named Access List (config)# ip access-list standard <name> (config-std-nacl)# <permit/deny> <source address> <source wildcard mask> Implementation (config)#interface <interface type><interface no> (config-if)#ip access-group <name> <out/in>
Extended Named Access List Creation of Extended Named Access List (config)# ip access-list extended <name> (config-ext-nacl)#<permit/deny> <protocol> <source add> <source WCM> <dest. add> <dest. WCM> <operator><service> Implementation (config)# interface <interface type><interface no> (config-if)#ip access-group <name> <out/in>
Acl

More Related Content

PPT
Dhcp presentation
bySaqib Malik
 
PPTX
Unit 6 : Application Layer
byChandan Gupta Bhagat
 
PPT
Icmp
byAbhishek Kesharwani
 
PPT
Internet control message protocol
byasimnawaz54
 
PPTX
VTP
byHaidar-Mohammed
 
PPTX
Transitioning IPv4 to IPv6
byJhoni Guerrero
 
PPTX
Network address translation
byMohak Kaushik
 
PPTX
VLSM & SUPERNETTING
byMonsur Ahmed Shafiq
 
Dhcp presentation
bySaqib Malik
 
Unit 6 : Application Layer
byChandan Gupta Bhagat
 
Icmp
byAbhishek Kesharwani
 
Internet control message protocol
byasimnawaz54
 
VTP
byHaidar-Mohammed
 
Transitioning IPv4 to IPv6
byJhoni Guerrero
 
Network address translation
byMohak Kaushik
 
VLSM & SUPERNETTING
byMonsur Ahmed Shafiq
 

What's hot

PPTX
Access Control List (ACL)
byISMT College
 
PDF
Access Control List & its Types
byNetwax Lab
 
PPSX
Subnetting
byselvakumar_b1985
 
PPTX
Ppt of routing protocols
byBhagyashri Dhoke
 
PPTX
Dynamic routing protocols (CCNA)
byVarinder Singh Walia
 
PPTX
Firewall in Network Security
bylalithambiga kamaraj
 
PPTX
Access control list [1]
bySummit Bisht
 
PPT
Ip address and subnetting
byIGZ Software house
 
PPTX
Mac addresses(media access control)
byIsmail Mukiibi
 
PPTX
Routing algorithm
byBushra M
 
PPTX
Simple Mail Transfer Protocol
byUjjayanta Bhaumik
 
PPTX
Subnet Masks
byswascher
 
PPTX
IP addressing seminar ppt
bySmriti Rastogi
 
PPTX
Network address translation
byVarsha Honde
 
PPTX
Routing ppt
byArpiSaxena1
 
PPT
Arp spoofing
byLuthfi Widyanto
 
PPT
CCNA Access Lists
byDsunte Wilson
 
PPT
Static Routing
byKishore Kumar
 
PPT
VLSM (1).ppt
byKrishnaMishra386849
 
PDF
IP Addressing (Subnetting, VLSM, Supernetting)
bycuetcse
 
Access Control List (ACL)
byISMT College
 
Access Control List & its Types
byNetwax Lab
 
Subnetting
byselvakumar_b1985
 
Ppt of routing protocols
byBhagyashri Dhoke
 
Dynamic routing protocols (CCNA)
byVarinder Singh Walia
 
Firewall in Network Security
bylalithambiga kamaraj
 
Access control list [1]
bySummit Bisht
 
Ip address and subnetting
byIGZ Software house
 
Mac addresses(media access control)
byIsmail Mukiibi
 
Routing algorithm
byBushra M
 
Simple Mail Transfer Protocol
byUjjayanta Bhaumik
 
Subnet Masks
byswascher
 
IP addressing seminar ppt
bySmriti Rastogi
 
Network address translation
byVarsha Honde
 
Routing ppt
byArpiSaxena1
 
Arp spoofing
byLuthfi Widyanto
 
CCNA Access Lists
byDsunte Wilson
 
Static Routing
byKishore Kumar
 
VLSM (1).ppt
byKrishnaMishra386849
 
IP Addressing (Subnetting, VLSM, Supernetting)
bycuetcse
 

Viewers also liked

PPT
Cisco ACL
byfaust0
 
PPT
Access Control List 1
byKishore Kumar
 
PPTX
Network Design on cisco packet tracer 6.0
bySaurav Pandey
 
PDF
CCNAv5 - S2: Chapter 9 Access Control Lists
byVuz Dở Hơi
 
PPTX
Basic ip traffic management with access control lists
bySourabh Badve
 
PPTX
Types of ACLs
byNetProtocol Xpert
 
PPTX
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
byDisha Bedi
 
PDF
Ten Commandments of Formal Methods: A decade later
byJonathan Bowen
 
Cisco ACL
byfaust0
 
Access Control List 1
byKishore Kumar
 
Network Design on cisco packet tracer 6.0
bySaurav Pandey
 
CCNAv5 - S2: Chapter 9 Access Control Lists
byVuz Dở Hơi
 
Basic ip traffic management with access control lists
bySourabh Badve
 
Types of ACLs
byNetProtocol Xpert
 
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
byDisha Bedi
 
Ten Commandments of Formal Methods: A decade later
byJonathan Bowen
 

Similar to Acl

PPT
Access control list 2
byKishore Kumar
 
PDF
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
byShu Shin
 
PPTX
Acl cisco
byTapan Khilar
 
PPTX
Acl cisco
byTapan Khilar
 
PPT
CCNA part 7 acl
bySandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
PPTX
ACCESS CONTROL LIST (Standard and Dynamic).pptx
byishaqictm
 
PPT
Acl
byVicky Kamboj
 
PPT
Chapter10ccna
byLakshan Perera
 
PPT
Access List. Configuration of Layer three Router Access List
byssuser58d95d
 
DOCX
Standard & Extended ACL Configuration
byMdAlAmin187
 
PDF
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
byShu Shin
 
PDF
Modul 5 access control list
bydiah risqiwati
 
PPTX
Configuring extended ACLs
byNetProtocol Xpert
 
PPTX
CCNA Access Control Lists
byNetworkel
 
DOCX
1 SEC450 ACL Tutorial This document highlights.docx
bydorishigh
 
PDF
The Role of Access Control Lists (ACLs) in CCNA Networking.pdf
bymaheshmitta2525
 
PDF
Anilnet
byAnil Sharma
 
PPT
Chapter 08 - Acl
byphanleson
 
PDF
Ip Access Lists
byCCNAResources
 
PDF
Access List in Networks
bywolverinetyagi
 
Access control list 2
byKishore Kumar
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
byShu Shin
 
Acl cisco
byTapan Khilar
 
Acl cisco
byTapan Khilar
 
CCNA part 7 acl
bySandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
ACCESS CONTROL LIST (Standard and Dynamic).pptx
byishaqictm
 
Acl
byVicky Kamboj
 
Chapter10ccna
byLakshan Perera
 
Access List. Configuration of Layer three Router Access List
byssuser58d95d
 
Standard & Extended ACL Configuration
byMdAlAmin187
 
Uccn1003 -may09_-_lect09_-_access_control_list_acl_
byShu Shin
 
Modul 5 access control list
bydiah risqiwati
 
Configuring extended ACLs
byNetProtocol Xpert
 
CCNA Access Control Lists
byNetworkel
 
1 SEC450 ACL Tutorial This document highlights.docx
bydorishigh
 
The Role of Access Control Lists (ACLs) in CCNA Networking.pdf
bymaheshmitta2525
 
Anilnet
byAnil Sharma
 
Chapter 08 - Acl
byphanleson
 
Ip Access Lists
byCCNAResources
 
Access List in Networks
bywolverinetyagi
 

Recently uploaded

PDF
Risk Management and Regulatory Compliance - by Ms. Oceana Wong
byagenticroom
 
PPTX
Prelims - History and Geography Quiz - Around the World in 80 Questions - IITK
byAditya Padhi
 
PPTX
ATTENTION - PART 1.pptx cognitive processes -For B.Sc I Sem By Mrs.Shilpa Hot...
bySHILPA HOTAKAR
 
PPTX
LYMPHATIC SYSTEM.pptx it includes lymph, lymph nodes, bone marrow, spleen
byReena Yadav
 
PPTX
kklklklklklklklk;lkpoipor[3rjdkjoe99759893058085
bypreetheshparmar
 
PPTX
The hidden treasures Grade 5 Story with Motive Questions.pptx
byGildaPetillaDelaCruz
 
PDF
CXC-AD Associate Degree Handbook (Revised)
byCaribbean Examinations Council
 
PDF
Conferencia de Abertura_Virgilio Almeida.pdf
byGrupo Tordesillas
 
PDF
Integrated Circuits: Lithography Techniques - Fundamentals and Advanced Metho...
byGS Virdi
 
PDF
LH_Lecture Note on Spices , AI And Importance in Human Life.pdf
bybisensharad
 
PDF
Cattolica University - Lab Generative and Agentic AI - Mario Bencivinni
byMario Bencivinni
 
PPTX
Elderly in India: The Changing Scenario.pptx
byMonika
 
PDF
1. Doing Academic Research: Problems and Issues, 2. Academic Research Writing...
byProf. Vinod Kumar Kanvaria
 
PPTX
DEPED MEMORANDUM 089, 2025 PMES guidelines pptx
byRoseBubuli
 
PPTX
What are New Features in Purchase _Odoo 18
byCeline George
 
PPTX
Time Series Analysis - Meaning, Definition, Components and Application
bySundar B N
 
PDF
*Unit-II A (Elements of Communication & Communication Style Matrix)
bySayyadTarannum
 
PPTX
Time Series Analysis - Method of Simple Moving Average 3 Year and 4 Year Movi...
bySundar B N
 
PPTX
Photography Pillar 1 The Subject PowerPoint
bymjb77ny
 
PPTX
G-Protein-Coupled Receptors (GPCRs): Structure, Mechanism, and Functions
byAnoja Kurian
 
Risk Management and Regulatory Compliance - by Ms. Oceana Wong
byagenticroom
 
Prelims - History and Geography Quiz - Around the World in 80 Questions - IITK
byAditya Padhi
 
ATTENTION - PART 1.pptx cognitive processes -For B.Sc I Sem By Mrs.Shilpa Hot...
bySHILPA HOTAKAR
 
LYMPHATIC SYSTEM.pptx it includes lymph, lymph nodes, bone marrow, spleen
byReena Yadav
 
kklklklklklklklk;lkpoipor[3rjdkjoe99759893058085
bypreetheshparmar
 
The hidden treasures Grade 5 Story with Motive Questions.pptx
byGildaPetillaDelaCruz
 
CXC-AD Associate Degree Handbook (Revised)
byCaribbean Examinations Council
 
Conferencia de Abertura_Virgilio Almeida.pdf
byGrupo Tordesillas
 
Integrated Circuits: Lithography Techniques - Fundamentals and Advanced Metho...
byGS Virdi
 
LH_Lecture Note on Spices , AI And Importance in Human Life.pdf
bybisensharad
 
Cattolica University - Lab Generative and Agentic AI - Mario Bencivinni
byMario Bencivinni
 
Elderly in India: The Changing Scenario.pptx
byMonika
 
1. Doing Academic Research: Problems and Issues, 2. Academic Research Writing...
byProf. Vinod Kumar Kanvaria
 
DEPED MEMORANDUM 089, 2025 PMES guidelines pptx
byRoseBubuli
 
What are New Features in Purchase _Odoo 18
byCeline George
 
Time Series Analysis - Meaning, Definition, Components and Application
bySundar B N
 
*Unit-II A (Elements of Communication & Communication Style Matrix)
bySayyadTarannum
 
Time Series Analysis - Method of Simple Moving Average 3 Year and 4 Year Movi...
bySundar B N
 
Photography Pillar 1 The Subject PowerPoint
bymjb77ny
 
G-Protein-Coupled Receptors (GPCRs): Structure, Mechanism, and Functions
byAnoja Kurian
 
In this document
Powered by AI

ACL defines rules for controlling traffic flow in routers, functioning as a Layer 3 security mechanism and a packet filtering firewall.

Access Control Lists are classified into numbered and named types, and can be standard or extended for specific filtering capabilities.

Standard ACLs (1-99) block networks, hosts, and subnets based on source IP, stopping two-way communication.

Key terms: Deny, Permit, Source/Destination addresses, Inbound/Outbound traffic clarifications essential for ACL understanding.

Access list rules dictate deny statements precedence, sequential order, and limitations on interface and editing.

Wild Card Masks determine which bits in an ACL statement must match, using inverse subnet masks for specificity.

Wild Card Masks are calculated using the global and customized subnet masks, exemplifying the calculation process.

Network diagram illustrating router addresses and subnets for different locations, enhancing understanding of ACL placement.

Reiterates standard access lists (1-99) functionality in stopping communication based on source IP without service selection.

Step-by-step config commands for creating and implementing standard access lists for network security.

Outlines features of extended access lists (100-199), which can filter based on service, source, and destination criteria.

Lists common protocols applicable in ACL configurations, including TCP, UDP, HTTP, and others crucial for network traffic management.

Operators are defined for use in access lists to refine rules based on comparisons like equal to or greater than.

Detailed commands for creating extended access lists focusing on various traffic parameters and implementation procedures.

Named access lists offer case-sensitive identification, easier editing, and no numerical limitations compared to numbered lists.

Step-specific commands for establishing standard named access lists in router configurations for effective access control.

Highly detailed command procedures for crafting extended named access lists, enhancing the flexibility and management of ACL.

Acl

  • 2.
    • ACL isa set of rules which will allow or deny the specific traffic moving through the router • It is a Layer 3 security which controls the flow of traffic from one router to another. • It is also called as Packet Filtering Firewall. Access Control List
  • 3.
    Types of Access-list ACCESS-LIST NUMBEREDNAMED STANDARD EXTENDED STANDARD EXTENDED
  • 4.
    Standard Access List •The access-list number range is 1 – 99 • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. • Filtering is done based on only source IP address • The access-list number range is 100 – 199 • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. • Checks source, destination, protocol, port no Extended Access List
  • 5.
    • Deny :Blocking a Network/Host/Subnet/Service • Permit : Allowing a Network/Host/Subnet/Service • Source Address : The address of the PC from where the request starts. • Destination address : The address of the PC where the request ends. • Inbound : Traffic coming into the interface • Outbound : Traffic going out of the interface Terminology
  • 6.
    • All denystatements have to be given First • There should be at least one Permit statement • An implicit deny blocks all traffic by default when there is no match (an invisible statement). • Can have one access-list per interface per direction. (i.e.) Two access-list per interface, one in inbound direction and one in outbound direction. • Works in Sequential order • Editing of access-lists is not possible (i.e) Selectively adding or removing access-list statements is not possible. Rules of Access List
  • 7.
    • Tells therouter which addressing bits must match in the address of the ACL statement. • It’s the inverse of the subnet mask, hence is also called as Inverse mask. • A bit value of 0 indicates MUST MATCH (Check Bits) • A bit value of 1 indicates IGNORE (Ignore Bits) • Wild Card Mask for a Host will be always 0.0.0.0 Wild Card Mask
  • 8.
    • A wildcard mask can be calculated using the formula : Global Subnet Mask – Customized Subnet Mask ------------------------------- Wild Card Mask E.g. 255.255.255.255 – 255.255.255.240 --------------------- 0. 0. 0. 15 Wild Card Mask
  • 9.
    Network Diagram E0 10.1.1.1/8 HYD LAN –10.0.0.0/8 E0 20.1.1.1/8 KSA LAN – 20.0.0.0/8 E0 30.1.1.1/8 UAE LAN – 30.0.0.0/8 1.1.1.1/8 S0 S1 1.1.1.2/8 2.2.2.1/8 S0 S1 2.2.2.2/8
  • 10.
    • The access-listnumber range is (1–99) & (1600- 1999) • Can block a Network, Host and Subnet • Two way communication is stopped • All services are blocked. • Implemented closest to the destination. • Filtering is done based on only source IP address Standard Access List
  • 11.
    Creation of StandardAccess List (config)# access-list <acl no> <permit/deny> <source add> <source WCM> Implementation of Standard Access List (config)# interface <interface type> <interface no> (config-if)# ip access-group <number> <out/in> To Verify : # show access-list # show access-list <no>
  • 12.
    • The access-listnumber range is (100 – 199) • Can block a Network, Host, Subnet and Service • One way communication is stopped • Selected services can be blocked. • Implemented closest to the source. • Checks source, destination, protocol, port no. Extended Access List
  • 13.
  • 14.
    Operators : eq(equal to) neq (not equal to) lt (less than) gt (greater than)
  • 15.
    Creation of ExtendedAccess List (config)# access-list <acl no> <permit/deny> <protocol> <source add> <source WCM> <destination add> < destination WCM> <operator> <service> Implementation of Extended Access List (config)# interface <interface type> <interface no> (config-if)# ip access-group <number> <out/in>
  • 16.
    • Access-lists areidentified using Names rather than Numbers. • Names are Case-Sensitive • No limitation of Numbers here. • One Main Advantage is Editing of ACL is Possible (i.e) Removing a specific statement from the ACL is possible. (IOS version 11.2 or later allows Named ACL) Named Access List
  • 17.
    Standard Named AccessList Creation of Standard Named Access List (config)# ip access-list standard <name> (config-std-nacl)# <permit/deny> <source address> <source wildcard mask> Implementation (config)#interface <interface type><interface no> (config-if)#ip access-group <name> <out/in>
  • 18.
    Extended Named AccessList Creation of Extended Named Access List (config)# ip access-list extended <name> (config-ext-nacl)#<permit/deny> <protocol> <source add> <source WCM> <dest. add> <dest. WCM> <operator><service> Implementation (config)# interface <interface type><interface no> (config-if)#ip access-group <name> <out/in>