Access control lists: rules and benefits

Access control lists and their benefits

Hi Guys, today I am writing about the benefits of access control lists. We can use access lists for many purposes, and a few of those uses are listed below.

Access Control List
An ACL is a set of rules that permit or deny packets based on source and destination IP address, IP protocol, and TCP or UDP protocol information (such as port numbers).

Types of ACL

  • Standard Access List (1-99):
    Permits or denies packets based on the source IP address only.
  • Extended Access List (100-199):
    Permits or denies packets based on source and destination IP address and protocol information (IP, TCP, UDP).

Rules for Access Lists

  • One ACL is allowed per interface, per protocol, per direction. You can have many ACLs on a single device, but an interface can carry at most two ACLs for a given protocol: one inbound and one outbound.
  • An ACL is processed from top to bottom and the first matching entry wins, so the access control entries (ACEs) need to be planned in order, with the most restrictive entries at the top.
  • Implicit Deny:
    Every ACL ends with an implicit deny of everything not matched above, so an ACL must have at least one permit statement or it blocks all traffic.
  • An egress (outbound) ACL only checks traffic traversing the router; it does not check traffic originated by the router itself.
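As an added example (not from the original post or from Cisco), here is a small Python model of how a router evaluates the ACL types and rules above: top to bottom, first match wins, implicit deny at the end, with standard ACLs (1-99) checking only the source address and extended ACLs (100-199) also checking destination, protocol and port. The `ACE` class, `wildcard_match`, `evaluate` and the sample ACLs are constructed for this illustration and support only `any` and `address wildcard` address forms.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ACE:
    """One access control entry, written with Cisco-style wildcard masks (constructed model)."""
    action: str                   # "permit" or "deny"
    src: str                      # "10.0.0.0 0.0.0.255" or "any"
    dst: str = "any"              # consulted for extended ACLs only
    protocol: str = "ip"          # "ip" matches any protocol; otherwise "tcp" or "udp"
    dst_port: Optional[int] = None


def wildcard_match(addr: str, spec: str) -> bool:
    """Wildcard mask semantics: a 0 bit must match, a 1 bit is 'don't care'."""
    if spec == "any":
        return True
    network, wildcard = spec.split()
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(network)) & care)


def evaluate(acl_number: int, aces: List[ACE], src: str, dst: str = "0.0.0.0",
             protocol: str = "ip", dst_port: Optional[int] = None) -> str:
    """Walk the ACL top to bottom; the first matching ACE decides the packet's fate."""
    standard = 1 <= acl_number <= 99        # a standard ACL looks at the source address only
    for ace in aces:
        if not wildcard_match(src, ace.src):
            continue
        if not standard:
            if not wildcard_match(dst, ace.dst):
                continue
            if ace.protocol != "ip" and ace.protocol != protocol:
                continue
            if ace.dst_port is not None and ace.dst_port != dst_port:
                continue
        return ace.action                   # later entries are never consulted
    return "deny"                           # implicit deny at the end of every ACL


# Constructed sample: ACL 101 is meant to block Telnet from one host but permit the rest of its subnet.
SHADOWED = [ACE("permit", "10.0.0.0 0.0.0.255", "any", "tcp"),      # broad entry first...
            ACE("deny", "10.0.0.5 0.0.0.0", "any", "tcp", 23)]       # ...so this entry is never reached
ORDERED = [ACE("deny", "10.0.0.5 0.0.0.0", "any", "tcp", 23),        # specific entry on top
           ACE("permit", "10.0.0.0 0.0.0.255", "any", "tcp")]

if __name__ == "__main__":
    print(evaluate(101, SHADOWED, "10.0.0.5", "172.16.1.1", "tcp", 23))           # permit (ordering bug)
    print(evaluate(101, ORDERED, "10.0.0.5", "172.16.1.1", "tcp", 23))            # deny
    print(evaluate(10, [ACE("permit", "192.168.1.0 0.0.0.255")], "192.168.2.9"))  # deny (implicit)
```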
     

Benefits of IP Access Lists


Access control lists (ACLs) perform packet filtering to control the flow of packets through a network. Packet filtering can restrict the access of users and devices to a network, providing a measure of security. Access lists can save network resources by reducing traffic. The benefits of using access lists are as follows: 
 
 
  • Authenticate incoming rsh and rcp requests
    Access lists can simplify the identification of local users, remote hosts, and remote users in an authentication database that is configured to control access to a device. The authentication database enables Cisco software to receive incoming remote shell (rsh) and remote copy (rcp) protocol requests.
  • Block unwanted traffic or users
    Access lists can filter incoming or outgoing packets on an interface, thereby controlling access to a network based on source addresses, destination addresses, or user authentication. You can also use access lists to determine the types of traffic that are forwarded or blocked at device interfaces. For example, you can use access lists to permit e-mail traffic to be routed through a network and to block all Telnet traffic from entering the network.
  • Control access to vty
    Access lists on an inbound vty (Telnet) can control who can access the lines to a device. Access lists on an outbound vty can control the destinations that the lines from a device can reach.
  • Identify or classify traffic for QoS features
    Access lists provide congestion avoidance by setting the IP precedence for Weighted Random Early Detection (WRED) and committed access rate (CAR). Access lists also provide congestion management for class-based weighted fair queuing (CBWFQ), priority queuing, and custom queuing.
  • Limit debug command output
    Access lists can limit debug output based on an IP address or a protocol.
  • Provide bandwidth control
    Access lists on a slow link can prevent excess traffic on a network.
  • Provide NAT control
    Access lists can control which addresses are translated by Network Address Translation (NAT).
  • Reduce the chance of DoS attacks
    Access lists reduce the chance of denial-of-service (DoS) attacks. Specify IP source addresses to control which hosts, networks, or users can send traffic into your network. Configure the TCP Intercept feature to prevent servers from being flooded with connection requests.
  • Restrict the content of routing updates
    Access lists can control routing updates that are sent, received, or redistributed in networks.
source: cisco.com
 
