Friday, 23 April 2010

Access Control Lists (ACLs)

An ACL is used simply to permit or deny packets from hosts heading toward a particular destination. An ACL consists of rules and conditions that classify network traffic and determine whether the router will forward a packet or not. This module explains standard and extended ACLs, ACL placement, and some applications of ACLs.

An ACL is a list of conditions used to test network traffic that tries to pass through a router interface. These lists tell the router which packets will be accepted or rejected. Acceptance and rejection are based on specified conditions.

To filter network traffic, an ACL determines whether a packet is forwarded or blocked at a router interface. The router makes ACL decisions based on source address, destination address, protocol, and port number.

ACLs must be defined per protocol, per direction, or per port. To control the flow of traffic on an interface, an ACL must be defined for each protocol on that interface. An ACL controls traffic in one direction on an interface, so two separate ACLs must be created to control inbound and outbound traffic. Each interface can have multiple protocols and directions defined. If a router has two interfaces configured for IP, AppleTalk and IPX, 12 ACLs are needed. There must be at least one ACL per interface.

These are the functions of an ACL:
- Limit network traffic and improve network performance. For example, an ACL that blocks video traffic can reduce network load and improve network performance.
- Manage the flow of traffic. An ACL can block routing updates. If updates are not needed because of network conditions, bandwidth is saved.
- Provide basic security for access to the network. For example, host A is not allowed to access the HR network, while host B is allowed.
- Decide which types of traffic are passed or blocked at a router interface. For example, email traffic is passed while Telnet traffic is blocked.
- Control which areas of the network a client can access.
- Select which hosts are permitted or denied access to a network segment. For example, an ACL can allow or block FTP or HTTP.

Creating an ACL takes two stages. The first stage is to enter global configuration mode and issue the access-list command followed by its parameters. The second stage is to assign the ACL to the intended interface.

The rules for creating access lists:
- There must be one access list per protocol per direction.
- Standard access lists should be applied closest to the destination.
- Extended access lists should be applied closest to the source.
- Inbound and outbound must be judged from the router's point of view, as if looking at the port from inside the router.
- Statements are processed sequentially from the top down until there is a match. If no match is found, the packet is rejected and discarded.
- There is an implicit deny any statement at the end of every access list. It does not appear in the configuration.
- Access list entries must filter in order from specific to general. Specific hosts must be denied first, and groups or general filters come later.
- The match condition is examined first. The permit or deny is executed only if a statement matches.
- Never work on an access list while it is actively applied.
- A text editor should be used to write the comments.
- New lines are always added at the end of the access list. The no access-list x command deletes the entire list.
- An IP access list sends an ICMP host unreachable message to the sender of a rejected packet and discards the packet.
- Access lists should be removed carefully. Some versions of IOS will apply a default deny any to the interface, and all traffic will be stopped.
- Outbound filters do not affect traffic originating from the local router.
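
The top-down first-match rule, the implicit deny, and the specific-before-general ordering rule above can be checked with a short script. This is an added example, not part of the original post: it models only standard numbered IP ACLs, and the function names, addresses and sample lists are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_entry(line):
    """Parse a standard ACL line: access-list N permit|deny SOURCE [WILDCARD]."""
    tok = line.split()
    action, src = tok[2], tok[3]
    if src == "any":
        addr, wild = 0, FULL
    elif src == "host":
        addr, wild = int(ipaddress.IPv4Address(tok[4])), 0
    else:
        addr = int(ipaddress.IPv4Address(src))
        wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
    return action, addr, wild, line

def evaluate(acl, ip):
    """Top-down, first match wins; no match falls through to the implicit deny."""
    ip = int(ipaddress.IPv4Address(ip))
    for action, addr, wild, _ in acl:
        care = ~wild & FULL  # wildcard 0-bits must match, 1-bits are ignored
        if (ip & care) == (addr & care):
            return action
    return "deny"  # implicit "deny any", never shown in the configuration

def shadowed(acl):
    """Return lines that can never match because an earlier entry covers them."""
    dead = []
    for i, (_, addr, wild, line) in enumerate(acl):
        for _, a2, w2, _ in acl[:i]:
            care2 = ~w2 & FULL
            # Covered if the earlier entry ignores every bit this one ignores
            # and both agree on the bits the earlier entry checks.
            if (wild & care2) == 0 and (addr & care2) == (a2 & care2):
                dead.append(line)
                break
    return dead

# Constructed sample lists: the same two statements in both orders.
BAD = [parse_entry(l) for l in (
    "access-list 10 permit 192.168.1.0 0.0.0.255",
    "access-list 10 deny host 192.168.1.5",
)]
GOOD = [parse_entry(l) for l in reversed([e[3] for e in BAD])]

if __name__ == "__main__":
    for name, acl in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, evaluate(acl, "192.168.1.5"), shadowed(acl))
```

In the BAD ordering the host deny is dead code, so 192.168.1.5 is permitted; running `shadowed()` over a list drafted in a text editor catches this before the list is applied to an interface.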
