What is an Access Control List (ACL)?
An Access Control List (ACL) is an ordered set of rules for filtering traffic. Access control lists can be used to filter incoming or outgoing packets on an interface to control traffic. Access lists also help in defining the types of traffic that should be allowed or blocked at device interfaces. For example, if you wish to permit e-mail traffic to be routed and block the TELNET traffic from entering a network, an Access Control List can be used. Access Control Lists play a major role in controlling bandwidth bottlenecks and is crucial for every organization to maintain a consistent network performance.
Access Control List (ACL) in Networking
In a network environment which consists of a large number of employees and network devices, there will be a lot of incoming and outgoing data traffic. This leads to bandwidth bottlenecks, which in turn affects the transmission of important data. In order to control this, you need to identify the network devices which consume a lot of bandwidth using a traffic monitoring tool. Once the devices are identified, you can apply the 'Access control list' (ACL) policies on the network devices to determine the priority of data during transmission. Network Configuration Manager serves this purpose since it allows you to apply ACL policies in multiple devices by bulk execution of configlets.
Now let us see certain guidelines to follow while configuring Acess Contol Lists:
ACL Configuration Guidelines
- Only one ACL per interface, per protocol, per direction is allowed.
- ACLs are processed top-down; the most specific statements must go at the top of the list. Once a packet meets the ACL criteria, the ACL processing stops and the packet is either permitted or denied.
- ACLs are created globally and then applied to interfaces.
- An ACL can filter traffic going through the router, or traffic to and from the router.
How to configure Access Control List in Cisco IOS Router
It is important to configure an access list before applying it is pushed to the network devices. If the access list is not configured, then all the traffic will be permitted. Here, we have taken three examples to explain how different types of access lists can be pushed to a Cisco router using Network Configuration Manager.
Example 1: If you want to block icmp traffic from any network but allow IP traffic, the following configuration commands can be used:
Example 2: If you wish to permit traffic between any two specific IP addresses, you can specify the necessary IP addressees. Further, you can also specify the transmission type as ip, tcp, icmp, udp, etc,. The terminal given below shows the configuration between two specific IPs along with the transmission type.
Example 3: If you wish to permit traffic from ip addresses which fall within a particular range, you can do so by specifying the start IP and the end IP. Thus, you can ensure that all the IP ranges which fall in between receives and transmits data traffic. The terminal given below shows the configuration of ACL commands to permit traffic in all the IP's falling within a particular range.
These terminals show the sample configuration commands that will be executed in a TELNET or a putty. The corresponding configlet commands for executing ACL commands in Network Configuration Manager is given in the slider:
ACL - Permit icmp and block ip
ACL - Permit traffic between two ip's
ACL - Permit traffic for an IP range
Executing ACL in Network Configuration Manager
Access Control List commands can be executed in Network Configuration manager using Configlets.
The user can select the most suitable type of access control list based on their network needs. Network Configuration Manager primarily uses script execution mode to carry out ACL commands. Once the suitable ACL commands are entered in the "Configlet Content" box, that particular configlet can be pushed to multiple devices in bulk.Thus, Network Configuration Manager helps to keep network traffic under control along with saving users from manually executing commands for every single network device.
Not just that, with the help of configlets you can also upgrade firmware
and execute commands to fix errors and to make bulk changes. Click here
to know more about Configlets!