Access control list (ACL) - Cisco router

What is Access control list (ACL) - Cisco router

Access control list is a firewall technology that allows your router to inspect incoming and outgoing packets and takes action on those packets to configure rules.

There are two types of ACL in the cisco router

1. Standard

2. Extended

Standard:- is a very harsh type of ACL. Because this ACL allows in and deny packets according to the source port. It also blocks TCP/IP service it can not allow and deny and TCP/IP specific

( Accept Telnet Or ICMP )

Extended:- This ACL is widely used in the network because it is allowed to use permit and deny and specific TCP/IP service and it can netblock packet according to the source port. It is checks source as well as destination address so you can permit and deny a specific network or specific host.

ACL Guidelines in cisco router 

1. There should be one permit statement in each ACL. If you cannot provide a permit statement all traffic is denied.

2. Write all the specific statements at the top of the list and other general statements at the bottom.

3. First, Create ACL on the Global configuration mode and then apply it to the interface. If you do not do this ACL can not work.

4. Each interface of the router supports 2 ACL but the direction of both ACL must be opposite. You can create 1 inbound and 1 outbound ACL for each interface.

5. If you add any new entry in the ACL, It will be saved at the bottom.

6. If you delete a single line from the ACL, the entire list will be deleted.

7. Copy your current ACL in a notepad before you make any changes because direct editing is not possible.

8. The router can only process ACL when traffic reaches the router only. So you can not create any ACL for the same network.

9. If you are applying standard ACL or any interface make sure that the interface is not responsible to receive and forward traffic to other networks.