Access lists
Access lists are one of the most common and easiest-to-understand tools for filtering unwanted packets when implementing security policies. You can configure them to make very specific decisions about regulating traffic patterns, for example allowing only a particular host to access web resources on the Internet while restricting all others. With the right combination of access lists, network administrators can enforce almost any security policy they can create.
Data of the access list
If a specific condition is met, a specific action is taken. If the specified condition is not met, nothing happens and the next statement is evaluated. Access list statements are packet filters that packets are compared against, classified by, and acted upon. Once the lists are created, they can be applied to incoming or outgoing traffic on any interface. Applying an ACL causes the router to analyze each packet that crosses that interface in the specified direction and take the appropriate action.
There are three important rules that a packet follows when it is compared with an access list:
The packet is always compared with each line of the ACL in sequential order. Comparison always starts with the first statement of the ACL, then goes to statement 2, then to the third statement, and so on.
The packet is compared with the statements of the access list only until a match is made. Once the packet matches the condition of a statement in the access list, the packet is acted upon and no further comparisons take place.
There is an implicit "deny" at the end of each access list, which means that if the packet does not match the condition of any statement in the access list, the packet will be discarded.
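The three rules above, shown as an added example that is not part of the original page: a small evaluator for an ACL whose entries match on the source address only, plus a check for entries that can never match because an earlier line already covers them. The sample ACL, its addresses, the Cisco-style wildcard masks and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample ACL: (action, source, wildcard mask). In a wildcard mask
# a 1 bit means "ignore this bit". All addresses are illustrative only.
SAMPLE_ACL = [
    ("deny",   "192.168.10.50", "0.0.0.0"),    # line 1: one host
    ("permit", "192.168.10.0",  "0.0.0.255"),  # line 2: the rest of its /24
    ("deny",   "192.168.10.99", "0.0.0.0"),    # line 3: covered by line 2
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _care_bits(wildcard):
    """Bits of the source address that the entry actually compares."""
    return ~_to_int(wildcard) & 0xFFFFFFFF

def entry_matches(entry, src):
    _, base, wildcard = entry
    care = _care_bits(wildcard)
    return (_to_int(src) & care) == (_to_int(base) & care)

def evaluate(acl, src):
    """Return (action, line_number); line_number is None for the implicit deny."""
    for number, entry in enumerate(acl, start=1):  # rule 1: sequential order
        if entry_matches(entry, src):
            return entry[0], number                # rule 2: stop at first match
    return "deny", None                            # rule 3: implicit deny

def shadowed_lines(acl):
    """Line numbers that can never match because an earlier line covers them."""
    result = []
    for i, (_, base, wildcard) in enumerate(acl):
        for _, ebase, ewild in acl[:i]:
            ecare = _care_bits(ewild)
            # The earlier entry covers this one when it compares no bit this
            # entry ignores, and both agree on every bit the earlier compares.
            ignores_ok = (_to_int(wildcard) & ecare) == 0
            bases_agree = ((_to_int(base) ^ _to_int(ebase)) & ecare) == 0
            if ignores_ok and bases_agree:
                result.append(i + 1)
                break
    return result

if __name__ == "__main__":
    for src in ("192.168.10.50", "192.168.10.99", "10.1.1.1"):
        print(src, evaluate(SAMPLE_ACL, src))
    print("shadowed lines:", shadowed_lines(SAMPLE_ACL))
```

Line 3 is meant to block 192.168.10.99, but the packet is permitted at line 2 and never reaches it, so specific entries must come before the broader ones that contain them.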
Types of access lists (ACLs)
1. Standard access lists. These access lists use only the source IP address in the IP packet as the condition test. All decisions are made based on the source IP address. This means that standard ACLs permit or deny an entire suite of protocols. They do not distinguish between types of IP traffic such as Web, Telnet, UDP, etc.
3. Named access lists. Named access lists are either standard or extended, so they are not really a separate type.
To use an ACL as a packet filter, you must apply it to an interface on the router where you want to filter traffic. You must specify the traffic direction in which you want the ACL applied. You must have different ACLs for incoming and outgoing traffic on an interface: