ACL-Access List

ACL-Access List

ACL is used to maintenance that which traffics should be passed on an interface and which traffics should not.  

·         Controlling of outgoing and incoming traffics on an interface.

·         Controlling of virtual terminal access (Telnet)

·         They are specified by either  name or number

·         Prior to Cisco’s IOS version 11.2, ACL could be specified only by number.

·         It is a sequential collection of permit deny criteria that are checked against IP packets

·         Wildcard Mask must me assigned

o   0 in wildcard mask means: allow

o   255 means: don’t care

Basically there are two kinds of ALCs

1.     Standard ACL

a.      The source IP address is determined for matching criteria, not destination IP Address.

b.      1-99

c.       1300 – 1999 (IOS 12.0 and above)

2.     Extended ACL

a.      Determined Source and Destination IP addresses

b.      100 – 199

c.       2000 – 2699 (IOS 12.0 and above)

Applying ACL:

They can be applied either to the:

·         Outbound interface a router

·         Inbound interface of a router

Standard ACLs within Number:

Example; create an ACL that: permit any IP address that are sourced from subnet mask 172.16.10.0 255.255.255.0

R1(config)# acces-list number Permit/deny Source_IP wildcard_mask

R1(config)# access-list 1 permit 172.16.10.0 0.0.0.255

If we determine a single IP address, it can be done in two ways:

R1(config)# access-list 1 permit 172.16.10.250 0.0.0.0

R1(config)# access-list 1 permit 172.16.10.250

R1(config-if)ip address 10.10.10.1 255.0.0.0

R1(config-if) ip access-group 1 in or out

Standard ACLs within Name:

R1(config)# ip access-list standard Test permit 172.16.10.0 0.0.0.255

ACL Remark:

IOS version 12.0(T) supports remarks (comments) and 100 characters are allowed.

R1(config)# access-list 1 remark permit only traffic from Corporate network is allowed

R1(config)# access-list 1 permit 172.16.10.0 0.0.0.255

NAT (Network Address Translation)