What is ACL? Let you read ACL

2023-12-08
What is ACL

An access control list (ACL) is an access control technology based on packet filtering. It filters the packets on an interface according to configured conditions and either allows them to pass or discards them. ACLs are widely used in routers and Layer 3 switches. With ACLs, users' access to the network can be effectively controlled, so as to ensure network security to the greatest extent.

Role of ACL

ACLs are the basic means of providing secure network access. For example, an ACL can allow host A to access the HR network while denying access to host B.

ACLs can limit network traffic and improve network performance. For example, an ACL can specify the priority of packets according to their protocol.

An ACL can determine which types of traffic are forwarded or blocked at a router port. For example, users can allow e-mail traffic to be routed and reject all Telnet traffic.

ACLs provide a means of controlling traffic flow. For example, an ACL can limit or simplify the length of routing update information, so as to limit the traffic through a network segment of the router.

As further examples, if a department is required to use only the WWW function, this can be achieved with an ACL; and if, for confidentiality, a department is not allowed to access the external network or to be accessed from the external network, this can also be achieved with an ACL.

ACL classification

According to the functions of their rules, ACLs are divided into five types: basic ACL, advanced ACL, layer-2 ACL, user-defined ACL and user ACL. Each type of ACL has its own number range. ACL 2000 is a basic ACL and ACL 3998 is an advanced ACL. Advanced ACLs can define more accurate, richer and more flexible rules than basic ACLs, so they are more powerful.

ACLs can be used in many situations. The most common applications are as follows:

1. Filter the routing information transmitted between neighbor devices.
2. Control access to the device itself to prevent unauthorized access, for example through the console interface, Telnet or SSH.
3. Control traffic and network access across network devices.
4. Protect the router by restricting access to some services on the router, such as HTTP, SNMP and NTP.
5. Define streams of interest for DDR and IPSec VPN.
6. QoS (quality of service) features can be implemented in IOS in a variety of ways.
7. Extended application in other security technologies, such as TCP * * * * and IOS firewall.

Correct placement of ACL

Placing ACLs in appropriate locations filters out unnecessary traffic and makes the network more efficient. ACLs can act as firewalls to filter packets and remove unnecessary traffic. The location of an ACL determines whether it can effectively reduce unnecessary traffic. For example, traffic that will be rejected by a remote destination should not consume network resources on the path to the destination.
Each ACL should be placed where it works best. The basic rules are: Place extended ACLs as close as possible to the source of the traffic you want to deny. In this way, unwanted traffic is filtered out before it flows through the network.
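
The permit and deny cases from the "Role of ACL" section (host A versus host B, e-mail versus Telnet) can be modelled as a small packet filter. This is an added example, not code from the original article or from any vendor; it assumes first-match rule evaluation with a default deny, that basic rules match on source address only while advanced rules also match destination, protocol and port, and all addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                       # "tcp", "udp", ...
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: str = "0.0.0.0/0"           # the only field a basic-style rule sets
    dst: str = "0.0.0.0/0"           # advanced-style fields from here on
    proto: Optional[str] = None      # None means "any"
    dport: Optional[int] = None

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))

def evaluate(acl, p):
    """Return the action of the first matching rule (assumed: default deny)."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"

# Constructed addressing for the article's scenario.
HR_NET = "10.10.20.0/24"
HOST_A, HOST_B = "10.10.1.10", "10.10.1.11"
HR_SERVER, MAIL_SERVER = "10.10.20.5", "192.0.2.25"

# Basic-style ACL: can tell host A from host B, but not Telnet from e-mail.
BASIC_ACL = [Rule("permit", src=HOST_A + "/32"), Rule("deny", src=HOST_B + "/32")]

# Advanced-style ACL: same hosts, plus protocol and port conditions.
ADVANCED_ACL = [
    Rule("deny", proto="tcp", dport=23),            # reject all Telnet
    Rule("permit", src=HOST_A + "/32", dst=HR_NET),  # host A may reach HR
    Rule("deny", src=HOST_B + "/32", dst=HR_NET),    # host B may not
    Rule("permit", proto="tcp", dport=25),          # e-mail (SMTP) is routed
]
```

With the basic list, host A's Telnet session to the HR server is permitted because only the source address is examined; the advanced list blocks it while still letting host A reach HR on other ports.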