Learn more about the ACL of the Cisco router configuration

Source: Internet
Author: User

After reading the Cisco router configuration manual, you should have a preliminary understanding of Cisco router configuration. This article introduces the basics of ACLs to help you learn the related material more easily.

Cisco router configuration details: What is ACL?

ACL is short for access control list. An access control list uses packet filtering technology: the router reads the information in the layer-3 and layer-4 headers, such as the source address, destination address, source port, and destination port, and filters packets according to predefined rules to achieve access control. This technology was initially supported only on routers. In recent years it has been extended to layer-3 switches, and some of the latest layer-2 switches have begun to support ACLs.

Because the Cisco router configuration commands involved in ACLs are flexible and powerful, a single small example cannot cover the configuration of every kind of ACL. Before turning to examples, we go over the principles of setting up ACLs to help you digest the material.

There are many types of ACL, and different types are applied in different scenarios. The simplest is the standard access control list, which filters on the source IP address in the IP packet and is created with an access list number from 1 to 99.

The standard access control list described above filters on IP addresses and is the simplest ACL. What if we want to refine the filter down to the port, or filter on the destination address of the packet? In that case, you need the extended access control list. An extended IP access list can allow users to access the physical LAN without allowing them to use a specific service (such as WWW or FTP). Extended access control lists use the ACL numbers 100 to 199.
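The two numbered types side by side, as an added example that is not part of the original article. The addresses, interface names and the list numbers 10 and 101 are constructed for illustration.

```cisco
! Standard ACL (numbers 1-99): matches on the source address only.
! Permit the 192.168.10.0/24 subnet; all other sources fall through
! to the implicit "deny any" at the end of every ACL.
access-list 10 permit 192.168.10.0 0.0.0.255
!
! Extended ACL (numbers 100-199): matches protocol, source,
! destination and port. Users in 192.168.10.0/24 keep access to the
! LAN, but not to the WWW and FTP services on server 192.168.20.5.
access-list 101 deny tcp 192.168.10.0 0.0.0.255 host 192.168.20.5 eq www
access-list 101 deny tcp 192.168.10.0 0.0.0.255 host 192.168.20.5 eq ftp
access-list 101 deny tcp 192.168.10.0 0.0.0.255 host 192.168.20.5 eq ftp-data
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
!
! An ACL filters nothing until it is bound to an interface and a
! direction. The extended list is applied where user traffic enters.
interface GigabitEthernet0/0
 ip access-group 101 in
!
! The standard list is applied close to the protected segment, since
! it cannot distinguish destinations.
interface GigabitEthernet0/1
 ip access-group 10 out
```

Entries are evaluated top to bottom and the first match decides, so the specific deny lines must come before the broad permit.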

Both the standard and the extended access control list share a drawback: once the rules of an ACL have been set, if a problem is found and you want to modify or delete a rule, you can only delete the whole ACL. In other words, modifying or deleting one rule affects the entire list. This shortcoming gets in the way of our work and adds a heavy burden. The name-based access control list solves this problem.
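Editing a single rule in a name-based list, as an added example that is not part of the original article. The name BRANCH-IN and the addresses are constructed, and the sequence-numbered insert assumes an IOS release that supports ACL entry sequence numbering.

```cisco
! Numbered list: the only way to change it is to remove it entirely
! and enter every rule again.
no access-list 101
!
! Name-based list with the same rules (name is constructed).
ip access-list extended BRANCH-IN
 deny tcp 192.168.10.0 0.0.0.255 host 192.168.20.5 eq www
 deny tcp 192.168.10.0 0.0.0.255 host 192.168.20.5 eq ftp
 permit ip 192.168.10.0 0.0.0.255 any
!
! Later change: remove only the FTP rule. The other entries stay in
! place and the list keeps filtering while it is edited.
ip access-list extended BRANCH-IN
 no deny tcp 192.168.10.0 0.0.0.255 host 192.168.20.5 eq ftp
!
! Insert a new rule ahead of the final permit. Entries are numbered
! 10, 20, 30 by default, so 15 lands right after the WWW rule
! (assumes sequence-number support).
ip access-list extended BRANCH-IN
 15 deny tcp 192.168.10.0 0.0.0.255 host 192.168.20.5 eq telnet
!
! Bind by name instead of by number.
interface GigabitEthernet0/0
 ip access-group BRANCH-IN in
```

After each change, `show ip access-lists BRANCH-IN` lists the entries in evaluation order so the result can be checked before relying on it.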

In addition to managing network access sensibly, we also use access control lists to guard against viruses. We can filter the ports commonly used for virus propagation and discard packets that use them, which effectively prevents virus attacks.

However, even well-designed access control list rules may be ineffective against unknown viruses. After all, we cannot predict the ports that unknown viruses will use. In addition, as the number of viruses to defend against grows, the access control list accumulates too many rules, which affects network access speed to some extent. In this case, the reverse access control list can solve these problems.

We have introduced the standard ACL and extended ACL above. In fact, mastering these two access control lists is enough to meet most packet-filtering requirements. In practice, however, there are always some more demanding requirements, and for those we need to master some advanced ACL techniques. The time-based access control list is one of them.

A network administrator must be able to manage the company's network sensibly. As the saying goes, know yourself and know your enemy, and you can win a hundred battles. Effective recording of ACL traffic information therefore lets you learn about network traffic and virus transmission methods immediately. A following article briefly introduces how to save the traffic information of an access control list by adding the LOG keyword at the end of an extended ACL rule. Please watch for the subsequent sections of this explanation of Cisco router configuration.
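Port filtering against virus propagation combined with logging of the matches, as an added example that is not part of the original article. The list name, the interface, the syslog collector address and the choice of ports (TCP 135 and 445, UDP 1434, all used by well-known worms) are illustrative assumptions.

```cisco
ip access-list extended WORM-FILTER
 remark Ports are examples only; use the ones relevant to your network
 ! "log" at the end of an entry makes the router report each match
 ! (source, destination, ports and packet count) as a log message.
 deny tcp any any eq 135 log
 deny tcp any any eq 445 log
 deny udp any any eq 1434 log
 ! No "log" on the final permit: logging normal traffic would bury
 ! the interesting entries and load the router CPU.
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group WORM-FILTER in
!
! Keep the records off the router: forward log messages to a syslog
! collector (address is constructed). ACL matches are reported at the
! informational severity level.
logging host 192.0.2.50
logging trap informational
```

The per-entry hit counters shown by `show ip access-lists WORM-FILTER` give a quick view of which filtered ports are actually being probed, and the logged source addresses point to the hosts that need cleaning.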
