Network Computing is part of the Informa Tech Division of Informa PLC
ACL Implementation Guide
If you find yourself in a situation where you need to filter traffic somewhere on your network, then knowing how to configure access control lists (ACLs) is an essential skill to have. An IP ACL can be configured on a specific interface in order to permit/deny traffic based on IP address and/or TCP/UDP port(s).
In this guide, you will learn how access control lists work, the two most commonly used ACL types and how to configure an ACL. We will also show you how to edit ACLs and discuss how they can be used for functions other than filtering IP traffic. This guide uses Cisco hardware and software in the configuration examples, although ACLs largely function the same across all enterprise network equipment.
No matter what ACL type you are configuring, there are a few rules you must understand before trying to configure your own. The two key rules are that entries are evaluated in top-down order and that every ACL ends with an implicit deny.
When configuring an ACL that has multiple entries, each entry is read in a top-down fashion. As soon as an entry matches, the device applies that entry's action and stops evaluating the rest of the list. Because of this, you want to make sure that your most specific access control entries are toward the top of the list so they can be matched first; a specific entry placed below a broader one that already covers its traffic will never be reached.
Implicit deny-all at the end of an ACL
At the end of every ACL, there is an implicit "deny-all" statement applied. So if you want to configure an ACL to block traffic from 10.0.0.0/8 and permit all other traffic, you must specify the permit entry. If you don't, the implicit deny-all at the end of the ACL will prevent any IP traffic from traversing the interface where the ACL is applied.
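The two rules above, top-down first match and the implicit deny-all, can be checked on sample traffic with the small ACL model below. This is an added example written for this guide, not configuration or code from the article or from Cisco; the entry format, the addresses and the port numbers are constructed for illustration. It also includes a `shadowed_entries` check that flags entries an earlier, broader entry makes unreachable, which is the ordering mistake the text warns about.

```python
"""Added example (not from the article): a model of how a Cisco-style IP ACL is
evaluated. Entries are read top-down, the first match wins, and traffic that
no entry matches is dropped by the implicit deny-all at the end of the list."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Entry:
    action: str                  # "permit" or "deny"
    src: str                     # source prefix in CIDR form; "0.0.0.0/0" means any
    dst: str = "0.0.0.0/0"       # destination prefix in CIDR form
    proto: str = "ip"            # "ip" (any protocol), "tcp" or "udp"
    dport: Optional[int] = None  # destination port for tcp/udp; None means any


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    dport: Optional[int] = None


def entry_matches(e: Entry, p: Packet) -> bool:
    """Test one access control entry against one packet."""
    if ipaddress.ip_address(p.src) not in ipaddress.ip_network(e.src):
        return False
    if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(e.dst):
        return False
    if e.proto != "ip" and e.proto != p.proto:
        return False
    if e.dport is not None and e.dport != p.dport:
        return False
    return True


def evaluate(acl: List[Entry], p: Packet) -> Tuple[str, Optional[int]]:
    """Top-down, first match wins. Returns (action, index of the matching entry).
    An index of None means nothing matched and the implicit deny-all applied."""
    for i, e in enumerate(acl):
        if entry_matches(e, p):
            return e.action, i
    return "deny", None


def covers(a: Entry, b: Entry) -> bool:
    """True if every packet that b could match is already matched by a."""
    return (ipaddress.ip_network(a.src).supernet_of(ipaddress.ip_network(b.src))
            and ipaddress.ip_network(a.dst).supernet_of(ipaddress.ip_network(b.dst))
            and (a.proto == "ip" or a.proto == b.proto)
            and (a.dport is None or a.dport == b.dport))


def shadowed_entries(acl: List[Entry]) -> List[int]:
    """Indexes of entries that can never be reached because an earlier entry
    covers all the traffic they would match (a specific entry placed too low)."""
    return [j for j in range(len(acl))
            if any(covers(acl[i], acl[j]) for i in range(j))]


# Constructed example ACLs; the addresses are illustrative only.
ACL_NO_PERMIT = [Entry("deny", "10.0.0.0/8")]                      # forgot the permit
ACL_WITH_PERMIT = [Entry("deny", "10.0.0.0/8"), Entry("permit", "0.0.0.0/0")]
ACL_BAD_ORDER = [Entry("permit", "10.0.0.0/8"),                     # broad entry first
                 Entry("deny", "10.1.1.0/24", proto="tcp", dport=23),  # never reached
                 Entry("permit", "0.0.0.0/0")]
ACL_GOOD_ORDER = [ACL_BAD_ORDER[1], ACL_BAD_ORDER[0], ACL_BAD_ORDER[2]]

if __name__ == "__main__":
    other = Packet("192.168.1.10", "172.16.0.5")
    telnet = Packet("10.1.1.5", "172.16.0.5", "tcp", 23)
    print("no explicit permit, 192.168.1.10 ->", evaluate(ACL_NO_PERMIT, other))
    print("with permit any, 192.168.1.10    ->", evaluate(ACL_WITH_PERMIT, other))
    print("bad order, telnet from 10.1.1.5  ->", evaluate(ACL_BAD_ORDER, telnet))
    print("good order, telnet from 10.1.1.5 ->", evaluate(ACL_GOOD_ORDER, telnet))
    print("shadowed entries in bad order    ->", shadowed_entries(ACL_BAD_ORDER))
```

Running the script shows the two failure modes side by side: `ACL_NO_PERMIT` drops the 192.168.1.10 traffic even though no entry names it, and `ACL_BAD_ORDER` permits the Telnet session because the broad `permit 10.0.0.0/8` entry is matched before the specific deny is ever read. `shadowed_entries` is a cheap review step to run over any list before applying it to an interface.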