Understand Access Control List
Feature Name | Release Information | Feature Description |
---|---|---|
ACL on Management Port | Cisco IOS XR Release 7.11.1 | Access Control List feature enables you to permit or deny specific devices to connect to the management port and access NCS 1010 devices. This control enhances network security. Both IPv4 and IPv6 ACLs are supported on the management port. Commands added: |
Access Control List
An Access Control List (ACL) is a sequential list of permit and deny statements that apply to IP addresses. An ACL performs packet filtering to control the packets that move through the network. These controls allow you to restrict the access of devices to the network and limit network traffic.
Access Control Entries
Access Control Entries (ACE) are entries in an ACL that describe the access rights related to a particular security identifier or user. An ACL consists of one or more access control entries (ACE) that collectively define the network traffic profile.
Types of Access Control List
ACL Type | Verifies | Controls traffic by |
---|---|---|
Standard ACL | only the source IP address of the packets. | comparing the IP address that is configured in the ACL with the source IP address in the packet. |
Extended ACL | | comparing the attributes that are defined in the ACL with those in the incoming or outgoing packets. |
Benefits of Access Control List
ACL allows you to
- filter incoming or outgoing packets on an interface.
- restrict the contents of routing updates.
- limit debug output that is based on an address or protocol.
- control vty access.
Guidelines to Create an Access Control List
- Create an ACL before applying it to an interface.
- Write a helpful remark before or after any statement to clarify its purpose.
- Reference an ACL using a command that accepts it after you name the ACL.
- Organize the ACL so that more specific references in a network or subnet appear before more general ones.
Restrictions for Access Control List
- You can configure an ACL name with a maximum of 64 characters.
- You can configure an ACL name to comprise only letters and numbers.
- You can configure an ACL to control traffic ingressing or egressing a device but not traffic originating at the device.
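
The ordering guideline and the name restrictions above can be checked before an ACL is applied. The following Python sketch is an added example, not Cisco code: it models a standard (source-address) ACL, validates the name, and reports entries that can never match because an earlier, more general entry covers them. It assumes that the first matching entry decides and that unmatched traffic is denied; the function names and sample entries are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample ACL (not from the page): (sequence, action, source prefix).
SAMPLE_ACL = [
    (10, "permit", "10.0.0.0/8"),
    (20, "deny", "10.1.1.0/24"),      # general entry 10 comes first: never reached
    (30, "permit", "192.0.2.10/32"),  # specific entry before general: correct order
    (40, "deny", "192.0.2.0/24"),
]

def valid_acl_name(name):
    """Name restrictions from the page: at most 64 characters, letters and numbers only."""
    return re.fullmatch(r"[A-Za-z0-9]{1,64}", name) is not None

def parse(acl):
    """Order entries by sequence number and parse each prefix (IPv4 or IPv6)."""
    return [(seq, action, ipaddress.ip_network(p)) for seq, action, p in sorted(acl)]

def evaluate(acl, source):
    """Return the action of the first entry whose prefix contains the source address.
    Assumption: first match wins and unmatched traffic is denied."""
    addr = ipaddress.ip_address(source)
    for _seq, action, net in parse(acl):
        if addr.version == net.version and addr in net:
            return action
    return "deny"

def shadowed_entries(acl):
    """Return (sequence, covering sequence, actions_conflict) for every entry whose
    prefix lies entirely inside the prefix of an earlier entry."""
    entries = parse(acl)
    findings = []
    for i, (seq, action, net) in enumerate(entries):
        for prev_seq, prev_action, prev_net in entries[:i]:
            if net.version == prev_net.version and net.subnet_of(prev_net):
                findings.append((seq, prev_seq, action != prev_action))
                break
    return findings

if __name__ == "__main__":
    print(valid_acl_name("MGMTACL1"), valid_acl_name("MGMT-ACL"))
    print(evaluate(SAMPLE_ACL, "10.1.1.5"), shadowed_entries(SAMPLE_ACL))
```

A finding whose last field is true marks an entry whose intended action is silently overridden, which is the case to fix by moving the specific entry ahead of the general one.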