Access Control Lists
General
An access control list is - a list of commands to limit the users to a certain port. It is used for security purposes and to keep unwanted users from reaching certain parts of the network.
The function of access control lists on routers is - to provide security to selected parts of the network from selected addresses.
The reasons access control lists are used are - administrators are able to block certain protocols from certain addresses; they are used mainly to provide security to certain parts of the network.
Segmentation with routers and access control lists are related because - they both can deny or allow addresses to continue on to their destinations.
OSI model
The layers of the OSI model standard access control lists function at are - the lower three layers.
The fields in the data packet header access control lists are concerned with are - source and destination.
The layers of the OSI model extended access control lists function at are - the lower three layers.
The fields in the data packet header extended access control lists are concerned with are - the source and destination, and also the TCP or UDP protocol port number.
In order to develop an Access Control List for my site's router, I had to review the TCS LAN design requirements. These requirements stated that each school must have two networks, one for Curriculum and the other for Administration, with each unique LAN segment (Curriculum and Administration) connected to a separate Ethernet port on a router.

An Access Control List Example
What follows is a sample Access Control List that, when placed on my school's router, will block Curriculum LAN users from accessing the Administrative LAN segment. It will continue to give Administrative LAN users complete access into the Curriculum LAN segment. All Curriculum LAN segment users will be given access to a DNS/Email server on the Administrative segment.

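Router# config t
! Curriculum LAN (130.12.16.0) may reach DNS and SMTP on the Administrative segment.
! The IOS keyword for port 53 is "domain".
Router(config)# access-list 100 permit udp 130.12.16.0 0.0.0.255 130.12.8.16 0.0.0.0 eq domain
Router(config)# access-list 100 permit tcp 130.12.16.0 0.0.0.255 130.12.8.17 0.0.0.0 eq smtp
! Every other packet from the Curriculum LAN to the Administrative LAN is dropped.
Router(config)# access-list 100 deny ip 130.12.16.0 0.0.0.255 130.12.8.0 0.0.0.255
Router(config)# int e0
! Direction stated explicitly; this assumes e0 is the Administrative LAN port.
Router(config-if)# ip access-group 100 out
Router(config-if)# exit
Router(config)# exit
Router#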
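
The first-match evaluation that access-list 100 relies on, as an added Python example that is not part of the original page: entries are tested top to bottom, an address matches when it agrees with the entry on every bit where the wildcard mask is 0, and a packet that matches no entry falls to the implicit deny. The function names and the sample packets are constructed for this sketch; ports 53 and 25 stand for the list's DNS and SMTP entries.

```python
import ipaddress

# access-list 100 from the page: (action, protocol, source, source wildcard,
# destination, destination wildcard, destination port or None for "any").
ACL_100 = [
    ("permit", "udp", "130.12.16.0", "0.0.0.255", "130.12.8.16", "0.0.0.0", 53),
    ("permit", "tcp", "130.12.16.0", "0.0.0.255", "130.12.8.17", "0.0.0.0", 25),
    ("deny", "ip", "130.12.16.0", "0.0.0.255", "130.12.8.0", "0.0.0.255", None),
]

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry number) of the first match; entry 0 is the implicit deny."""
    for number, (action, p, s, s_wc, d, d_wc, port) in enumerate(acl, start=1):
        if p not in ("ip", proto):          # "ip" entries match any protocol
            continue
        if port is not None and port != dport:
            continue
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action, number
    return "deny", 0

# Constructed sample packets: (description, protocol, source, destination, dest port)
SAMPLES = [
    ("curriculum DNS query", "udp", "130.12.16.25", "130.12.8.16", 53),
    ("curriculum mail submission", "tcp", "130.12.16.25", "130.12.8.17", 25),
    ("curriculum DNS over TCP", "tcp", "130.12.16.25", "130.12.8.16", 53),
    ("curriculum to admin host", "tcp", "130.12.16.25", "130.12.8.40", 80),
    ("reply to an admin-initiated session", "tcp", "130.12.16.25", "130.12.8.40", 1025),
    ("source outside 130.12.16.0/24", "tcp", "130.12.20.5", "130.12.8.40", 80),
]

if __name__ == "__main__":
    for label, proto, src, dst, dport in SAMPLES:
        action, entry = evaluate(ACL_100, proto, src, dst, dport)
        where = f"entry {entry}" if entry else "implicit deny"
        print(f"{label:38} {action:6} ({where})")
```

The list judges each packet on its own, so the fifth sample, a Curriculum host's reply to a connection opened from the Administrative LAN, is dropped by entry 3 exactly as a new connection would be.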


In our district WAN we used ACLs because...
the administration needs access to the curriculum LAN to make changes, but the curriculum LAN doesn't need access to the administration LAN. An access list was the most efficient way to implement such changes.