Objectives by using Access control lists using:
1.Limit network traffic and improve performance of network. For example, queue technology, not only limits the network traffic, and reduce the congestion.
2.To provide control means for communication flow. For example, can control a network flow which get through the router.
3.To provide a basic security means for visiting network. For example, in companies, access the staff of the financial department to computer servers of financial department but refuse the visit from other departments
4.On the router interface, to decide whether transmit a certain flows or not. For example, you can allow to tranmit FTP communication flow, but refuse to transmit TELNET communication flow.
Working principles:
ACL provides two operations, all applications are working around these two operations: Access、deny
Note: ACL is a procedure in CISCO IOS and it has its own orders to implement teh command from administrators, its orders for implementation is from top to bottom, and as soon as it found the matching procedure, it will stop to search, if not yet found teh matching one, then implement a hidden code – discarded DENY. Therefore, you must pay attention to the sequencing in writing ACL.
For example: To deny flow from 172.16.1.0/24, write ACL form as following:
Access 172.16.0.0/18
Deny 172.16.1.0/24
Access 192.168.1.1/24
Deny 172.16.3.0/24
Well, the results will be contrary to the expectation, Lets check what will be happened after exchange the place of Table I and Table II:
Deny 172.16.1.0/24
Access 172.16.0.0/18
Access 192.168.1.1/24
Deny 172.16.3.0/24
We found 172.16.3.0/24 just the same as before, this table is still inactive, because the implementation found the matching when it reached Table 2, so routers will access it, and is completely contrary to our requiement, then we need to move Table 4 to the front,
At last, it will be:
Deny 172.16.1.0/24
Deny 172.16.3.0/24
Access 172.16.0.0/18
Access 192.168.1.1/24
One can see that the ACL in the configuration of a rule: the more precise Table will be put to more forward, and the more general items on the table will be put later.
ACL is a collection of judgment statements, it is mainly used to control the following data:
1, inport data;
2, export data;
3, transmitted data by the routers.
If you need to read more,Please download PDF of integrity ....
Download link:analysis-on-ccna-exam-640-802-analysis-on-access-control-listsok
本文热度: 暂无排名
