TIB26
Hariom Khaladkar
CNS Practical No: 05
Problem Statement: Using a Network Simulator (e.g. Packet Tracer), configure a router for:
b) Configure Access Control Lists – Standard & Extended.
Theory
What are ACLs:
An Access Control List (ACL) is a set of rules that controls network traffic by permitting
or denying packets based on various conditions such as IP addresses, protocols, and
ports. ACLs are primarily used in routers and firewalls to enforce security policies and
optimize network traffic flow.
Why we use ACLs:
ACLs serve multiple purposes, including:
● Enhancing security – Prevent unauthorized access to resources.
● Controlling network traffic – Regulate data flow and prevent congestion.
● Filtering data packets – Allow or deny traffic based on predefined rules.
● Optimizing network performance – Reduce unnecessary traffic load.
Types of Access Control Lists
ACLs are primarily divided into two types: standard and extended. We also
differentiate between numbered and named ACLs.
Standard ACLs filter traffic solely on the Layer 3 source address carried in the IP
(Internet Protocol) packet header; they cannot see the destination, the protocol or any port.
Extended ACLs filter traffic on Layer 3 and Layer 4 source and destination information
(addresses, protocol, ports), which gives far finer control over network access than
standard ACLs.
Feature            | Standard ACL                                          | Extended ACL
-------------------|-------------------------------------------------------|----------------------------------------------------------
Filtering criteria | Filters only on the source IP address.                | Filters on source & destination IP, port numbers, and protocol (TCP, UDP, ICMP, etc.).
Placement          | Placed near the destination: because it cannot tell   | Placed near the source, so unwanted traffic is dropped as early as possible.
                   | destinations apart, placing it near the source would  |
                   | also block traffic to other, legitimate destinations. |
Numbering range    | 1 – 99, 1300 – 1999 (expanded range).                 | 100 – 199, 2000 – 2699 (expanded range).
Use case           | Basic filtering (e.g., allow or deny all traffic from | More specific filtering (e.g., block HTTP traffic but allow SSH).
                   | a particular subnet).                                 |
Network Commands to Apply ACLs
(A) Standard ACL Example
Goal: Deny all traffic sourced from 192.168.1.0/24 as it enters GigabitEthernet0/0, while permitting traffic from every other source.
Router(config)# access-list 10 deny 192.168.1.0 0.0.0.255
Router(config)# access-list 10 permit any
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip access-group 10 in
Router(config-if)# exit
Explanation:
ACL 10 denies any packet whose source address lies in 192.168.1.0/24 (the wildcard 0.0.0.255 means "ignore the last octet") and permits every other source. ip access-group 10 in binds the list to traffic entering Gig0/0; entries are checked top to bottom and the first match wins. The explicit permit any is essential: every ACL ends with an implicit deny, so a list containing only the deny line would drop all traffic on that interface. Check the result with show access-lists (it shows per-entry match counters) and show ip interface GigabitEthernet0/0 (it shows which list is bound inbound).
(B) Extended ACL Example
Goal: Block HTTP traffic (port 80) from 192.168.1.100 to 192.168.2.200, but
allow all other traffic.
Router(config)# access-list 100 deny tcp 192.168.1.100 0.0.0.0 192.168.2.200 0.0.0.0 eq 80
Router(config)# access-list 100 permit ip any any
Router(config)# interface GigabitEthernet0/1
Router(config-if)# ip access-group 100 out
Router(config-if)# exit
Explanation:
● ACL 100 denies only TCP traffic from 192.168.1.100 to 192.168.2.200 with destination port 80. The wildcard 0.0.0.0 matches a single host; IOS accepts host 192.168.1.100 as shorthand for 192.168.1.100 0.0.0.0.
● permit ip any any ensures all other traffic is not caught by the implicit deny at the end of the list.
● The list is applied outbound on Gig0/1, which assumes 192.168.2.200 is reached through that interface. This is a near-destination placement; following the placement rule in the table, an extended ACL would normally be applied inbound on the interface facing 192.168.1.100 so the packets are dropped before the router forwards them.
● Only port 80 is matched, so HTTPS (port 443) from the same host still passes; add a second deny line with eq 443 if the intent is to block web traffic as a whole.
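To make the matching rules behind examples (A) and (B) concrete, here is an added Python evaluator that mirrors IOS first-match semantics. It is not part of the lab sheet and not Cisco code: it parses the exact access-list lines used above, evaluates constructed sample packets against them, and models the three points students most often get wrong: how a wildcard mask selects the bits that must match, that the first matching entry wins (so order matters), and that a list with no matching entry denies. The Packet and Rule types, the helper names and the sample addresses are all assumptions made for the example.

```python
"""ACL evaluator mirroring Cisco IOS first-match semantics (added example).

Parses the numbered access-list lines from examples (A) and (B) and evaluates
constructed packets against them offline.  Not Cisco code; the Packet and Rule
types and all sample addresses are assumptions made for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    number: int
    action: str           # "permit" or "deny"
    proto: str            # "ip" means any protocol (standard ACLs are stored as "ip")
    src: str
    src_wc: str           # wildcard mask: 0 bit = must match, 1 bit = don't care
    dst: str
    dst_wc: str
    dport: Optional[int]  # only set when the line ends in "eq <port>"


ANY = ("0.0.0.0", "255.255.255.255")   # "any" == 0.0.0.0 with an all-ones wildcard
HOST_WC = "0.0.0.0"                    # "host A" == A with an all-zeros wildcard


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """IOS wildcard test: compare only the bits where the wildcard has a 0."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def _parse_addr(tokens: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    """Consume one address spec: 'any' | 'host A' | 'A WILDCARD' | trailing bare 'A'."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], HOST_WC), i + 2
    if i + 1 < len(tokens):
        return (tokens[i], tokens[i + 1]), i + 2
    return (tokens[i], HOST_WC), i + 1   # standard-ACL shorthand: bare address = one host


def is_standard(number: int) -> bool:
    """Numbered ranges from the table above: 1-99 and 1300-1999 are standard."""
    return 1 <= number <= 99 or 1300 <= number <= 1999


def parse_acl_line(line: str) -> Rule:
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not a numbered ACL line: {line!r}")
    number, action = int(t[1]), t[2]
    if is_standard(number):
        # standard ACL: source address only; destination and protocol are ignored
        (src, src_wc), _ = _parse_addr(t, 3)
        return Rule(number, action, "ip", src, src_wc, *ANY, None)
    proto = t[3]
    (src, src_wc), i = _parse_addr(t, 4)
    (dst, dst_wc), i = _parse_addr(t, i)
    dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return Rule(number, action, proto, src, src_wc, dst, dst_wc, dport)


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if not wildcard_match(pkt.src, rule.src, rule.src_wc):
        return False
    if not wildcard_match(pkt.dst, rule.dst, rule.dst_wc):
        return False
    return rule.dport is None or pkt.dport == rule.dport


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First matching entry wins; no match means the implicit 'deny any' applies."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# The two ACLs from examples (A) and (B), parsed from the same command text.
STANDARD_ACL_10 = [parse_acl_line(line) for line in (
    "access-list 10 deny 192.168.1.0 0.0.0.255",
    "access-list 10 permit any",
)]
EXTENDED_ACL_100 = [parse_acl_line(line) for line in (
    "access-list 100 deny tcp 192.168.1.100 0.0.0.0 192.168.2.200 0.0.0.0 eq 80",
    "access-list 100 permit ip any any",
)]
# Constructed mistake for contrast: ACL 100 with the final permit forgotten,
# so every non-matching packet falls through to the implicit deny.
EXTENDED_ACL_100_NO_PERMIT = EXTENDED_ACL_100[:1]

if __name__ == "__main__":
    # Constructed sample packets; none of these addresses come from the lab topology.
    samples = [
        (STANDARD_ACL_10, Packet("tcp", "192.168.1.50", "10.0.0.1", 22)),
        (STANDARD_ACL_10, Packet("tcp", "192.168.2.50", "10.0.0.1", 22)),
        (EXTENDED_ACL_100, Packet("tcp", "192.168.1.100", "192.168.2.200", 80)),
        (EXTENDED_ACL_100, Packet("tcp", "192.168.1.100", "192.168.2.200", 443)),
        (EXTENDED_ACL_100_NO_PERMIT, Packet("icmp", "192.168.1.7", "192.168.2.9")),
    ]
    for acl, pkt in samples:
        print(f"ACL {acl[0].number}: {pkt} -> {evaluate(acl, pkt)}")
```

Running the script shows the HTTPS packet on port 443 passing ACL 100 while port 80 is denied, and the ICMP packet being dropped by the truncated list even though no entry mentions ICMP. Reversing the order of ACL 10 (permit any first) permits the 192.168.1.0/24 packet, which is the first-match behaviour the IOS entry order encodes.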
Network topology (diagram not reproduced): Router 2