There are various ways to control network traffic. One of the common ways is using Access Control Lists. Three types of access lists are used for this purpose:
• Router Access Control Lists (RACLs)
• Port Access Control Lists (PACLs)
• VLAN Access Control Lists (VACLs)
RACL is the best-known Access Control List; when the abbreviation ACL is used on its own, it usually means RACL. A RACL is used to control traffic at layer 3. A Port Access Control List is used to control inbound traffic on a layer 2 port; it is used in the inbound direction only, because the switch hardware does not support it outbound. The last one, the VLAN Access Control List, is used to control the traffic within a VLAN.
The topology below will be used to explain all three ACL types.
As mentioned before, RACLs are used for controlling layer 3 traffic. These ACLs can be applied in both the inbound and the outbound direction. Below, the links on which RACLs can be applied are highlighted.
RACL for both directions
Assume that we have a gigabitethernet 1/0/1 port on our router and we will add a RACL to this interface in both the inbound and the outbound direction. First we must define the RACL, then we apply it to the interface.
Here are the configuration commands:
RouterA# configure terminal
RouterA(config)# ip access-list extended my_out
RouterA(config-ext-nacl)# permit ip 192.168.10.0 0.0.0.255 any
RouterA(config-ext-nacl)# permit ip 192.168.20.0 0.0.0.255 any
RouterA(config-ext-nacl)# exit
RouterA(config)# interface gig 1/0/1
RouterA(config-if)# ip access-group my_out out
RouterA(config-if)# exit
RouterA(config)# ip access-list extended my_in
RouterA(config-ext-nacl)# deny tcp any 192.168.10.0 0.0.0.255 eq ftp
RouterA(config-ext-nacl)# ! an extended entry needs both a source and a destination; "any" is added as the destination here
RouterA(config-ext-nacl)# deny ip host 192.168.2.3 any
RouterA(config-ext-nacl)# permit ip any any
RouterA(config-ext-nacl)# exit
RouterA(config)# interface gig 1/0/1
RouterA(config-if)# ip access-group my_in in
RouterA(config-if)# exit
To verify the configuration and the assignment of the RACLs to the port, use the following show commands:
show ip interface gigabitethernet 1/0/1
show running-config interface gigabitethernet 1/0/1
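To see what the two RACLs above actually do to traffic, the following added example (not part of the original post, and not Cisco code) simulates IOS extended-ACL matching in Python: wildcard-mask comparison, top-down first-match evaluation, and the implicit deny at the end of every list. It assumes "any" as the destination of the "deny ip host 192.168.2.3" entry, which IOS would otherwise reject as incomplete.

```python
import ipaddress
from collections import namedtuple

PORT_NAMES = {"ftp": 21, "ssh": 22, "telnet": 23, "www": 80}  # subset of the IOS port names
Ace = namedtuple("Ace", "action proto src src_wild dst dst_wild dport")

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tokens):
    """Consume one address spec: 'any' | 'host A' | 'A WILDCARD'. Returns (net, wildcard, rest)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return _ip(tokens[1]), 0, tokens[2:]
    return _ip(tokens[0]), _ip(tokens[1]), tokens[2:]

def parse_ace(line):
    """Parse one access-list entry such as 'deny tcp any 192.168.10.0 0.0.0.255 eq ftp'."""
    t = line.split()
    src, sw, rest = _addr(t[2:])
    dst, dw, rest = _addr(rest)
    dport = None
    if rest and rest[0] == "eq":
        dport = PORT_NAMES.get(rest[1]) or int(rest[1])
    return Ace(t[0], t[1], src, sw, dst, dw, dport)

def _match(addr, net, wild):
    # A wildcard bit of 1 means "don't care"; only bits where the wildcard is 0 must match.
    return (addr & ~wild & 0xFFFFFFFF) == (net & ~wild & 0xFFFFFFFF)

def evaluate(acl, src, dst, proto="ip", dport=None):
    """Entries are checked in order and the first match wins; no match falls to the implicit deny."""
    s, d = _ip(src), _ip(dst)
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not (_match(s, ace.src, ace.src_wild) and _match(d, ace.dst, ace.dst_wild)):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action
    return "deny"  # implicit deny at the end of every IOS access list

# The two RACLs from the configuration above; 'any' is assumed as the destination of the
# post's "deny ip host 192.168.2.3" entry, which IOS would reject as incomplete.
MY_OUT = [parse_ace(l) for l in ("permit ip 192.168.10.0 0.0.0.255 any",
                                 "permit ip 192.168.20.0 0.0.0.255 any")]
MY_IN = [parse_ace(l) for l in ("deny tcp any 192.168.10.0 0.0.0.255 eq ftp",
                                "deny ip host 192.168.2.3 any",
                                "permit ip any any")]
```

Note that my_out has no permit for any other source, so a host outside 192.168.10.0/24 and 192.168.20.0/24 is dropped by the implicit deny even though no deny line was written.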
On layer 2 interfaces PACLs are used instead of RACLs. PACLs are applied only in the inbound direction because of the switches' hardware limitations. Below, the ports on which PACLs can be applied are highlighted.