Uploaded byNetProtocol Xpert
Types of ACLs
There are two types of access control lists (ACLs): standard ACLs and extended ACLs. Standard ACLs filter based only on the source IP address and are less processor intensive, while extended ACLs allow filtering on source/destination IP addresses, protocols, and ports to provide more granular control but require more processing power. Both can be used to restrict access to sensitive servers and resources like allowing only management network users to access an important documents server.
More Related Content
![Access control list [1]](https://cdn.slidesharecdn.com/ss_thumbnails/accesscontrollist1-180206052429-thumbnail.jpg?width=640&height=640&fit=bounds)
More from NetProtocol Xpert
Types of ACLs
- 1.
- 2. There aretwo types of access lists: 1. standard access lists - With standard access lists, you can filter only on the source IP address of a packet. These types of access list are not as powerful as extended access lists, but they are less processor intensive for the router.
- 3. The following exampledescribes the way in which standard access lists can be used.
- 4. Let's saythat server S1 holds some important documents that need to be available only to company's management. We could configure an access list on R1 to enable access to S1 only to users from the management network. All other traffic going to S1 will be blocked. This way, we can ensure that only authorized user can access sensitive files on S1.
- 5. 2. extended accesslists - With extended access lists, you can be more precise in your filtering. You can evaluate source and destination IP addresses, type of layer 3 protocol, source and destination port... Extended access lists are harder to configure and require more processor time than the standard access lists, but they allow a much more granular level of control.
- 6. To demonstrate theconcept, we will use the following example.
- 7. We haveused the standard access list to prevent all users to access server S1. But, with that configuration, we have also disable access to S2! To be more specific, we can use extended access lists. Let's say that we need to prevent users from accessing server S1. We could place an extended access list on R1 to prevent users from accessing S1. That why, no other traffic is forbidden, and users can still access the other server, S2: