Access Lists

Access lists are essentially a list of conditions that classify packets, and they are especially useful when you need to control network traffic.

Access lists are one of the most common and easiest-to-understand tools for filtering unwanted packets when implementing security policies. You can configure them to make very specific decisions about traffic patterns, for example allowing only a particular host to access web resources on the Internet while restricting all others. With the right combination of access lists, network administrators can enforce almost any security policy they can devise.



How access lists work

Each statement in an access list is a packet filter against which packets are compared, classified, and acted upon. If a packet meets the condition in a statement, the action of that statement is taken. If the condition is not met, nothing happens and the next statement is evaluated. Once access lists are created, they can be applied to inbound or outbound traffic on any interface. Applying an ACL causes the router to analyze every packet crossing that interface in the specified direction and take the appropriate action.

There are three important rules that a packet follows when it is compared with an access list:
· The packet is always compared with each line of the ACL in sequential order: it always starts with the first statement, then moves to the second statement, then the third, and so on.
· The packet is compared with the statements of the access list only until a match is made. Once the packet matches a statement, it is acted upon and no further comparisons are made.
· There is an implicit "deny" at the end of every access list, which means that if a packet does not match the condition in any statement of the access list, the packet will be discarded.

Types of access lists (ACLs)

1. Standard access lists: a standard access list uses only the source IP address in the IP packet as its test condition. All decisions are made based on the source IP address, which means a standard ACL permits or denies an entire protocol suite. It does not distinguish between types of IP traffic such as Web, Telnet, UDP, and so on.

2. Extended access lists: extended ACLs can evaluate many other fields in the Layer 3 and Layer 4 headers of an IP packet. They can evaluate the source and destination IP addresses, the protocol field in the network-layer header, and the port number in the transport-layer header. This gives extended ACLs the ability to make more precise decisions when controlling traffic.

3. Named access lists: named access lists are either standard or extended and are not really a distinct type. To use an ACL as a packet filter, you must apply it to an interface on the router where you want to filter traffic, and you must specify the direction of traffic to which it applies. You need separate ACLs for inbound and outbound traffic on an interface:

Inbound access lists: when an access list is applied to inbound packets on an interface, those packets are processed through the access list before being routed to the outbound interface. Packets that the list denies are discarded before they are routed.

Outbound access lists: when an access list is applied to outbound packets on an interface, the packets are first routed to the outbound interface and then processed through the access list before being queued.
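The three matching rules and the standard/extended distinction above, as an added example that is not code from the original article: a small Python evaluator over constructed sample entries and packets. The entry fields, the packet dictionaries and the networks are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Entry:
    """One line of an ACL. A standard entry sets only src; an extended entry
    also tests dst, proto and dport (the Layer 3/4 fields named above)."""
    action: str                  # "permit" or "deny"
    src: str                     # CIDR network or "any"
    dst: str = "any"             # CIDR network or "any" (extended only)
    proto: str = "ip"            # "ip" matches everything; else "tcp", "udp", "icmp"
    dport: Optional[int] = None  # destination port; None matches any port

    def matches(self, pkt: dict) -> bool:
        def in_net(net: str, addr: str) -> bool:
            return net == "any" or ip_address(addr) in ip_network(net)
        return (in_net(self.src, pkt["src"])
                and in_net(self.dst, pkt["dst"])
                and (self.proto == "ip" or self.proto == pkt["proto"])
                and (self.dport is None or self.dport == pkt.get("dport")))


def evaluate(acl: list, pkt: dict) -> str:
    """Apply the three rules: compare in order, stop at the first match,
    and deny anything that falls off the end of the list (implicit deny)."""
    for entry in acl:
        if entry.matches(pkt):
            return entry.action
    return "deny"


# Constructed sample: hosts in 192.168.1.0/24 may only reach web servers in
# 10.0.0.0/8; their other traffic to 10/8 is denied; all other sources pass.
EXTENDED_ACL = [
    Entry("permit", "192.168.1.0/24", "10.0.0.0/8", "tcp", 80),
    Entry("deny", "192.168.1.0/24", "10.0.0.0/8"),
    Entry("permit", "any"),
]
# Same entries with the deny moved first: rule 2 means the web permit is
# now unreachable ("shadowed") for that LAN, a common misordering mistake.
SHADOWED_ACL = [EXTENDED_ACL[1], EXTENDED_ACL[0], EXTENDED_ACL[2]]
# Standard list: source only, and it relies entirely on the implicit deny.
STANDARD_ACL = [Entry("permit", "192.168.1.0/24")]

if __name__ == "__main__":
    web = {"src": "192.168.1.7", "dst": "10.1.1.1", "proto": "tcp", "dport": 80}
    print(evaluate(EXTENDED_ACL, web), evaluate(SHADOWED_ACL, web))  # permit deny
```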