Explain the purpose of ACL's filter capability
Access Control Lists (ACLs) are basically network traffic filters that arrange and monitor incoming and outgoing traffic. An ACL is a set of rules that specifies whether packets are restricted, blocked or allowed at a router's interface. Once the rules of an ACL are in place, flowing traffic is compared with them, and each packet is either allowed or restricted.
The main purpose of using this tool is to provide security against unwanted or dangerous traffic. For example, we can define a rule to disallow specific routing updates or to control traffic flow. Using an ACL in this way increases security.
Also, with an ACL we can filter packets for a single IP address or a group of IP addresses, or for protocols such as TCP.
Therefore, rather than blocking someone's access, we can disallow the network or restrict the access. Access can also be filtered the other way around, for example by blocking everything except some networks.
Edge routers are considered a reliable place to configure an ACL.
An ACL has eight components that serve as guidelines for filtering the traffic.
1) Sequence Number - An ACL entry is identified by its sequence number, so it is an important part of defining a set of rules.
2) ACL Name - An ACL can be defined by using an ACL name. For example, a combination of letters and numbers is sometimes allowed instead of numbers.
3) Remark - The remark field allows a detailed explanation or description to be added to an ACL.
4) Statement - The purpose of this component is to deny or allow a specific source on the basis of its address or wildcard mask.
5) Network Protocol - Various network protocols such as IP, IPX, TCP and UDP can be specified, along with whether to allow or restrict them.
6) Source or destination - Using this component, access can be restricted by defining the source or target as a single IP or all addresses.
7) Log - Some devices can keep logs when matches are found in the ACL.
8) Other Criteria - This advanced feature allows various other criteria, such as Type of Service and IP precedence, to be used to control traffic.
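
The components above can be seen working together in a small model of ACL evaluation. This is an added example, not part of the original answer or any vendor's code: the names `Entry`, `wildcard_match` and `evaluate`, and the sample rules and addresses, are constructed for illustration. It assumes Cisco-style behaviour: entries are checked in sequence-number order, the first match decides, a 0 bit in the wildcard mask must match, and traffic that matches no entry is denied.

```python
import ipaddress
from dataclasses import dataclass

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

@dataclass
class Entry:                 # hypothetical model of one ACL entry
    seq: int                 # 1) sequence number
    action: str              # 4) statement: "permit" or "deny"
    protocol: str            # 5) protocol; "ip" matches any protocol
    src: str                 # 6) source address and wildcard mask
    src_wc: str
    dst: str                 # 6) destination address and wildcard mask
    dst_wc: str
    log: bool = False        # 7) log on match
    remark: str = ""         # 3) remark

ANY = ("0.0.0.0", "255.255.255.255")   # every bit ignored = all addresses

# Constructed sample ACL using documentation address ranges.
ACL = [
    Entry(10, "deny", "tcp", "192.0.2.66", "0.0.0.0", *ANY,
          log=True, remark="block one host"),
    Entry(20, "permit", "tcp", "192.0.2.0", "0.0.0.255",
          "198.51.100.10", "0.0.0.0", remark="LAN to one server"),
    Entry(30, "permit", "udp", "192.0.2.0", "0.0.0.255", *ANY),
]

def evaluate(acl, protocol, src, dst):
    """Return (action, matching seq, log line or None); first match wins."""
    for e in sorted(acl, key=lambda e: e.seq):
        if e.protocol not in ("ip", protocol):
            continue
        if (wildcard_match(src, e.src, e.src_wc)
                and wildcard_match(dst, e.dst, e.dst_wc)):
            line = (f"seq {e.seq} {e.action} {protocol} {src} -> {dst}"
                    if e.log else None)
            return e.action, e.seq, line
    return "deny", None, None   # assumption: implicit deny at the end

if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "192.0.2.66", "198.51.100.10"))
    print(evaluate(ACL, "tcp", "192.0.2.5", "198.51.100.10"))
    print(evaluate(ACL, "tcp", "192.0.2.5", "198.51.100.11"))
```

Because entry 10 sits ahead of entry 20, the single blocked host is denied even though its network is permitted later; reversing the two sequence numbers would let it through.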