Access Control Lists
An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object.
An ACL specifies which users or system processes are granted access to
objects, as well as what operations are allowed on given objects. Each
entry in a typical ACL specifies a subject and an operation. For
instance, if a file has an ACL that contains (Alice, delete), this would give Alice permission to delete the file.
Cisco routers support two basic types of IP access lists:
· Standard—Filter IP packets based on the source address only.
· Extended—Filter IP packets based on several attributes.

Range of access lists
Type | Range
IP Standard | 1–99
IP Extended | 100–199
IP Standard Expanded Range | 1300–1999
IP Extended Expanded Range | 2000–2699
Standard ACLs
A standard IP ACL is simple; it filters based on source address only.
You can filter a source network or a source host, but you cannot filter
based on the destination of a packet, the particular protocol being
used such as the Transmission Control Protocol (TCP) or the User
Datagram Protocol (UDP), or on the port number. You can permit or deny
only source traffic.
Extended ACLs
An extended ACL gives you much more power than just a standard ACL.
Extended IP ACLs check both the source and destination packet addresses.
They can also check for specific protocols, port numbers, and other
parameters, which allow administrators more flexibility and control.
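To make the difference between the two ACL types concrete, here is a small evaluator, added as an example and not taken from the page or from Cisco, that models how a standard ACL (source address only) and an extended ACL (source, destination, protocol, destination port) are walked top-down, first match wins, with the implicit deny that sits at the end of every ACL. The entry and packet structures, the CIDR notation for networks, and the sample ACLs are my own assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Added example (not from the original page or Cisco): one ACL entry.
# A standard ACL only ever looks at `src`; the other fields are used by
# extended ACLs. Networks are written in CIDR for simplicity (hypothetical
# notation, not Cisco wildcard masks).
@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    src: str                     # source network, e.g. "10.0.0.0/8"
    dst: Optional[str] = None    # destination network (extended only)
    proto: Optional[str] = None  # "tcp", "udp", "icmp" or "ip" (any)
    dport: Optional[int] = None  # destination port (extended, tcp/udp)

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None

def matches(entry: Entry, pkt: Packet, extended: bool) -> bool:
    """Return True if this ACL entry applies to the packet."""
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(entry.src):
        return False
    if not extended:
        return True  # standard ACL: the source address is the only criterion
    if entry.dst and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(entry.dst):
        return False
    if entry.proto not in (None, "ip") and entry.proto != pkt.proto:
        return False
    if entry.dport is not None and entry.dport != pkt.dport:
        return False
    return True

def evaluate(acl: List[Entry], pkt: Packet, extended: bool) -> str:
    """Walk the ACL top-down; the first matching entry decides."""
    for entry in acl:
        if matches(entry, pkt, extended):
            return entry.action
    return "deny"  # implicit "deny any" at the end of every ACL

# Constructed sample ACLs: block one host, permit everyone else (standard);
# allow only HTTP and ICMP from 10/8 into 172.16/16 (extended).
STANDARD = [Entry("deny", "192.168.1.10/32"), Entry("permit", "0.0.0.0/0")]
EXTENDED = [Entry("permit", "10.0.0.0/8", "172.16.0.0/16", "tcp", 80),
            Entry("permit", "10.0.0.0/8", "172.16.0.0/16", "icmp")]
```

Note that a packet to port 443 is dropped by EXTENDED even though no line mentions it; forgetting the implicit deny is the most common reason a new ACL "breaks everything".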
Named ACLs
One of the disadvantages of using IP standard and IP extended ACLs is
that you reference them by number, which says little about what the list
is for. With a named ACL, this is not the case because you can give your
ACL a descriptive name. An ACL named DenyMike is a lot more
meaningful than an ACL simply numbered 1. There are both IP standard and
IP extended named ACLs.
Another advantage to named ACLs is that they allow you to remove individual lines out of an ACL. With numbered ACLs, you cannot delete individual statements. Instead, you will need to delete your existing access list and re-create the entire list.
References: http://computernetworkingnotes.com/network-security-access-lists-standards-and-extended/access-control-list.html
From this post, I learned the advantages and disadvantages of the different types of ACLs. I also learned the difference between the usage of standard IP access lists and extended access lists.