
Analysis and technical implementation of ACL

Latest reply: Jan 29, 2022 11:22:22


ACL

An access control list (ACL) is a packet-filtering access control mechanism. It compares each packet arriving at or leaving an interface against a set of configured conditions and either lets the packet pass or discards it. ACLs are widely used on routers and Layer 3 switches; with them, an administrator can control which hosts and services users are able to reach and so limit the exposure of the network.

Type of access control list

Standard access control list: filters packets based on the source IP address only. Standard ACLs use list numbers 1 to 99.

Extended access control list: filters packets based on the source IP address, destination IP address, protocol, port numbers and TCP flags. Extended ACLs use list numbers 100 to 199.

Named access control list: lets a name be used in place of a list number for either a standard or an extended ACL.

The number ranges above are the classic Cisco IOS ones; other vendors use different ranges (Huawei VRP, for example, numbers basic ACLs 2000 to 2999 and advanced ACLs 3000 to 3999), so check the platform documentation before relying on a number to tell the list type.

Application rules

3P principle

When applying ACLs on a router, one ACL can be applied per protocol, per direction, per interface. This is often called the 3P principle. (1) An ACL filters only one protocol stack, so a separate ACL must be configured for each protocol that is to be filtered. (2) Traffic passing through a router interface has an inbound and an outbound direction, so an ACL is applied to an interface in one of these directions. Each interface can carry one ACL for the inbound direction, one for the outbound direction, or both, but a single ACL application controls only one direction. (3) An ACL application is bound to one interface; the list takes no effect on other interfaces unless it is explicitly applied to each of them.

The order of statements determines the order in which data is controlled

The statements of an ACL are arranged logically from top to bottom. A packet is compared with the statements in turn; as soon as one matches, the packet is handled according to that statement's action (permit or deny) and is not compared with any later statement. The order of the statements therefore determines the result, and only a correctly ordered list achieves the intended control.

At least one Permit statement

Every ACL ends with an implicit deny statement: a packet that matches none of the explicit statements is denied and silently discarded, so nothing that was not explicitly allowed slips into the network. An ACL written with deny statements therefore must contain at least one permit statement; otherwise the interface on which it is applied rejects all traffic and breaks normal communication.

The most restrictive statements should be placed at the front of the ACL

Placing the most restrictive, most specific statements at the front of the ACL filters out most of the unwanted packets early, so fewer of the following statements have to be compared and the router spends less time on each packet. Because the first match wins, move a statement forward only when no packet that currently matches an earlier statement would then match the moved one; otherwise the reordering changes the filtering result rather than just its speed.

Experimental Topology:

1-Assign R5 the IP address 192.168.12.1/24 and R6 the IP address 192.168.12.2/24 on the link between them.

2-On R6, create an ACL whose entries deny remote access (Telnet) from R5 to R6, and apply it in the inbound direction on the R6 interface facing R5, so that R5's login attempts are dropped on entry.

3-Configure a remote login (Telnet) password on R6, so that the access being filtered is a real login service.
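The lab above and the matching rules of the preceding section (top-down first match, the implicit deny, and standard versus extended lists), as an added example that is not part of the original post: the script below parses numbered access-list statements in Cisco IOS syntax (an assumption; the post's list-number ranges match IOS, but it names no vendor or CLI), evaluates constructed packets from R5 (192.168.12.1) to R6 (192.168.12.2) against them, and shows how reordering the two statements or leaving out the permit changes the outcome. The ACL text, the packets and the `Packet`/`Entry` types are constructed here for the example; the parser handles only the subset of syntax it uses.

```python
# IOS-style numbered ACL evaluator: added example, not code from the post.
# Parses standard (1-99) and extended (100-199) access-list statements in the
# syntax assumed below, applies them top-down with first-match semantics and
# the implicit deny, and checks the post's lab scenario with constructed packets.
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

ANY = (0, 0xFFFFFFFF)  # network 0.0.0.0 with wildcard 255.255.255.255

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "ip", "tcp", "udp" or "icmp"
    dport: int = 0  # destination port, 0 when not applicable

@dataclass(frozen=True)
class Entry:
    action: str           # "permit" or "deny"
    proto: str            # "ip" matches every protocol
    src_net: int
    src_wild: int
    dst_net: int
    dst_wild: int
    dport: Optional[int]  # None = any destination port

def _parse_addr(tokens: List[str]) -> Tuple[int, int]:
    """Consume 'any' | 'host A' | 'A WILDCARD' | bare 'A' from the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return int(IPv4Address(tokens.pop(0))), 0
    addr = int(IPv4Address(tok))
    # A bare address without wildcard (allowed in standard ACLs) means one host.
    wild = int(IPv4Address(tokens.pop(0))) if tokens and tokens[0][0].isdigit() else 0
    return addr, wild

def parse_acl(text: str) -> List[Entry]:
    """Parse 'access-list N permit|deny ...' lines into entries, keeping order."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "access-list":
            continue
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if 1 <= number <= 99:  # standard ACL: only the source address is tested
            entries.append(Entry(action, "ip", *_parse_addr(rest), *ANY, None))
        elif 100 <= number <= 199:  # extended ACL: protocol, source, destination, port
            proto = rest.pop(0)
            src, dst = _parse_addr(rest), _parse_addr(rest)
            dport = int(rest[1]) if rest[:1] == ["eq"] else None
            entries.append(Entry(action, proto, *src, *dst, dport))
        else:
            raise ValueError(f"unsupported list number {number}")
    return entries

def _addr_matches(addr: int, net: int, wild: int) -> bool:
    care = ~wild & 0xFFFFFFFF  # a 1 bit in the wildcard means "do not care"
    return (addr & care) == (net & care)

def evaluate(entries: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index) of the first matching entry; implicit deny if none."""
    src, dst = int(IPv4Address(pkt.src)), int(IPv4Address(pkt.dst))
    for i, e in enumerate(entries):
        if (e.proto in ("ip", pkt.proto)
                and _addr_matches(src, e.src_net, e.src_wild)
                and _addr_matches(dst, e.dst_net, e.dst_wild)
                and (e.dport is None or e.dport == pkt.dport)):
            return e.action, i  # first match wins; later statements are skipped
    return "deny", None  # the implicit deny that ends every ACL

# Constructed lab data, addresses from the post: R5 = 192.168.12.1, R6 = 192.168.12.2.
# "lab" denies only R5's Telnet to R6 and permits the rest; "reversed" has the same
# statements in the opposite order; "deny_only" omits the permit; "standard" is a
# source-only list (number 10) for comparison with the extended one (number 100).
ACLS = {
    "lab": "access-list 100 deny tcp host 192.168.12.1 host 192.168.12.2 eq 23\n"
           "access-list 100 permit ip any any\n",
    "reversed": "access-list 100 permit ip any any\n"
                "access-list 100 deny tcp host 192.168.12.1 host 192.168.12.2 eq 23\n",
    "deny_only": "access-list 100 deny tcp host 192.168.12.1 host 192.168.12.2 eq 23\n",
    "standard": "access-list 10 deny 192.168.12.1\naccess-list 10 permit any\n",
}
TELNET_FROM_R5 = Packet("192.168.12.1", "192.168.12.2", "tcp", 23)
PING_FROM_R5 = Packet("192.168.12.1", "192.168.12.2", "icmp")

def lab_results() -> dict:
    """Action taken on each constructed packet for each ACL variant."""
    return {name: {"telnet": evaluate(parse_acl(text), TELNET_FROM_R5)[0],
                   "ping": evaluate(parse_acl(text), PING_FROM_R5)[0]}
            for name, text in ACLS.items()}

if __name__ == "__main__":
    for name, res in lab_results().items():
        print(f"{name:10} telnet={res['telnet']:7} ping={res['ping']}")
```

Running the script prints one line per variant. The "lab" list does what step 2 asks: R5's Telnet is denied while its ping still passes. The "reversed" list is the ordering mistake the post warns about: the permit-any matches R5's Telnet first, so the deny is never reached. The "deny_only" list shows the implicit deny discarding even the ping, and the "standard" list shows why a source-only ACL cannot express "block Telnet but allow the rest" from the same host. The script models the filtering decision only; applying the list inbound on R6's interface and setting the vty password remain router configuration.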

That's all. Thank you. 



Well done
user_4147187 Created Aug 18, 2021 02:41:36
Thank you for your support.  
AL_93 Reply user_4147187 Created Aug 30, 2021 04:43:22
 
Hey, brother, this article is well written.
Vlada85
MVE Author Created Aug 20, 2021 16:22:45

Very good! Thank you!
nice
andersoncf1
MVE Author Created Aug 23, 2021 16:08:53

Well done! Thank you for sharing
Good post. As always, keep up the good work!
AL_93
Moderator Created Aug 25, 2021 05:18:09

Useful post, thank you!
The article is worth our study.
I love it.