How to configure an ACL for a Cisco Router

Source: Internet
Author: User

This article describes in detail how to configure an ACL, covering the basic concepts, usage principles, and time-based access control.

Anyone who says that a router or switch is used only for routing and switching data packets is a layman.

A plain hub is enough if all we want is to exchange data packets, and if we need only routing, a Windows Server with routing and remote access configured can do the job.

In fact, routers and switches have another use: network management. Every network administrator should learn how to manage the network conveniently and effectively through these devices. This article briefly introduces the configuration methods and commands of the access control list on Cisco routers and switches.

What is ACL?

Access control list is abbreviated as ACL. An access control list uses packet filtering technology: the router reads the information in the layer-3 and layer-4 headers, such as the source address, destination address, source port, and destination port, and filters packets according to predefined rules to achieve access control. This technology was initially supported only on routers. In recent years it has been extended to layer-3 switches, and some of the latest layer-2 switches have begun to support ACLs as well.

Access Control List usage principles

Because the configuration commands involved in ACLs are flexible and powerful, one small example cannot cover the configuration of every kind of ACL. Before introducing the examples, we list the ACL setting principles so that you can better digest your ACL knowledge.

Standard access list:

There are many types of ACLs, and different types are applied in different scenarios. The simplest is the standard access control list. A standard access control list filters on the source IP address in the IP packet and uses access list numbers 1 to 99 to create the corresponding ACL.

√ Standard Access Control List format

√ Standard access control list instance 1

√ Standard access control list instance 2

Extended access control list:

The standard access control list described above filters on IP addresses only and is the simplest ACL. What if we want to refine the filter down to the port, or filter on the destination address of the packet? In this case we need the extended access control list. With an extended IP access list, users can be allowed to reach a physical LAN without being allowed to use a specific service on it (such as WWW or FTP). The ACL numbers used by the extended access control list are 100 to 199.

√ Extended Access Control List format

√ Extended access control list instance

Name-Based Access Control List

Both the standard and the extended access control list have a drawback: once a rule in the ACL has been set, the only way to modify or delete it is to delete the whole ACL. In other words, modifying or deleting one rule affects the entire list. This shortcoming affects our work and is a heavy burden. The name-based access control list solves this problem.

√ Name-Based Access Control List
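The three ACL types above written out in Cisco IOS syntax, as an added example that is not part of the original article; the interface names, addresses, ports and list names are assumptions:

```cisco
! Standard ACL (numbers 1-99): matches on the source IP address only.
! The wildcard mask 0.0.0.255 means "ignore the last octet" (inverse of 255.255.255.0).
access-list 10 deny   192.168.50.0 0.0.0.255
access-list 10 permit any
! Every ACL ends with an implicit "deny any"; without the permit above, all other
! traffic on the interface would be dropped.

! Extended ACL (numbers 100-199): protocol, source, destination and ports.
! Block web access (TCP/80) to the server 10.1.1.20, allow everything else.
access-list 101 deny   tcp any host 10.1.1.20 eq 80
access-list 101 permit ip any any

! A list does nothing until it is applied; direction is relative to the router.
interface GigabitEthernet0/0
 ip access-group 10 in
interface GigabitEthernet0/1
 ip access-group 101 out

! The drawback described above: on a numbered ACL, "no access-list 101 ..." with
! any trailing text removes the entire list 101, not just one entry.

! Named ACL: each entry carries a sequence number, so a single line can be
! removed or inserted without rebuilding the whole list.
ip access-list extended BLOCK-WEB
 10 deny   tcp any host 10.1.1.20 eq 80
 20 permit ip any any
! Later change: remove entry 10 alone, then insert a new entry between the others.
ip access-list extended BLOCK-WEB
 no 10
 15 deny   tcp any host 10.1.1.20 eq 443
! Verify the resulting order and the per-entry match counters.
show access-lists BLOCK-WEB
```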

Reverse Access Control List:

In addition to managing network access rationally, we can also use the access control list to prevent viruses: filter the ports that are commonly used for virus spreading and discard the packets that use them. This effectively blocks such attacks.

However, even well-designed access control list rules may be ineffective against the spread of unknown viruses; after all, we cannot predict the ports an unknown virus will use. In addition, as the number of viruses we defend against grows, the access control list accumulates too many rules, which slows network access to a certain extent. In this case, we can use the Reverse Access Control List to solve these problems.

√ Purpose and format of the reverse Access Control List

√ Reverse Access Control List configuration instance
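A reverse (in Cisco terminology, reflexive) access list in IOS syntax, as an added example that is not from the original article; Serial0/0 as the outside interface, the timeouts and the list names are assumptions:

```cisco
! Reflexive ACL: sessions started from the inside (leaving through Serial0/0)
! create temporary mirror entries that allow only the matching return traffic.
! Unsolicited inbound connections never match an entry and hit the final deny,
! whatever port they use, so no per-port virus rules are needed.
ip access-list extended OUTBOUND
 permit tcp any any reflect TCP-SESSIONS timeout 300
 permit udp any any reflect UDP-SESSIONS timeout 60
 permit icmp any any reflect ICMP-SESSIONS
ip access-list extended INBOUND
 ! "evaluate" consults the dynamic entries built by the reflect statements
 evaluate TCP-SESSIONS
 evaluate UDP-SESSIONS
 evaluate ICMP-SESSIONS
 deny ip any any log
! Reflexive lists must be named extended lists and applied in both directions.
interface Serial0/0
 ip access-group OUTBOUND out
 ip access-group INBOUND in
! Default lifetime for entries whose reflect line gives no timeout (seconds).
ip reflexive-list timeout 120
! The dynamic entries appear under the reflect list names.
show access-lists
```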

Time-Based Access Control List:

With the standard ACL and extended ACL introduced above, we can already meet most requirements for filtering network packets. In practice, however, there are always some more demanding requirements, and for those we need to master some advanced ACL skills. The time-based access control list is one of these advanced techniques.

√ Time-based Access Control List

√ Time-based Access Control List configuration instance

Access Control List traffic records

A network administrator must be able to manage the company's network reasonably. As the saying goes, "know yourself and know your enemy, and you will win a hundred battles." Recording ACL traffic information effectively lets you learn immediately about network traffic and the ways viruses spread. The following section briefly introduces how to record access control list traffic information by adding the log keyword at the end of an extended ACL rule.

√ Access Control List traffic record
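A time-based extended ACL whose deny entries also log their matches, serving both the time-based section and the traffic-record section above; this is an added example, not part of the original article, and the time range, ports, interface, NTP server and list name are assumptions:

```cisco
! Time range: the rule that references it is active only on weekdays 09:00-18:00.
time-range WORK-HOURS
 periodic weekdays 9:00 to 18:00
! Extended ACL: block FTP during work hours, block TCP/445 at all times, and
! log every hit of the two deny entries; "log" goes at the end of the rule.
ip access-list extended OFFICE-POLICY
 10 deny   tcp any any eq ftp time-range WORK-HOURS log
 20 deny   tcp any any eq 445 log
 30 permit ip any any
interface GigabitEthernet0/0
 ip access-group OFFICE-POLICY in
! Keep the logged hits in the local buffer at informational level or higher.
logging buffered 16384 informational
! The time range is evaluated against the router clock, so keep it synchronized;
! otherwise the rule switches on and off at the wrong hour.
ntp server 192.0.2.10
! Review per-entry match counters and the logged denies.
show time-range WORK-HOURS
show access-lists OFFICE-POLICY
show logging | include IPACCESSLOG
```

Logging is rate-limited by the router and records only the first packet of a flow and periodic summaries, so the counters from show access-lists are the authoritative hit count.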
 
