Ch9 Access Control Lists - Theory Flashcards
Access Control Lists
Series of IOS commands that control whether a router forwards or drops packets based on information found in the packet header.
Tasks Performed By ACLs (6)
- Limit network traffic to increase network performance.
- Provide traffic flow control (e.g. restrict the delivery of routing updates).
- Provide basic level of security for network access.
- Filter traffic based on traffic type.
- Screen hosts to permit or deny access to network services.
- Select specific traffic to be analyzed / sorted / classified for other purposes.
TCP Protocol Overview (3)
- Connection Oriented Protocol.
- Full-Duplex.
- Uses Flow-Control and Congestion-Control Mechanisms.
FTP Port
21 TCP
Telnet Port
23 TCP
SMTP Port
25 TCP
HTTP Port
80 TCP
IMAP Port
143 TCP
Internet Relay Chat (IRC) Port
194 TCP
HTTPS (Secure HTTP) Port
443 TCP
Trivial File Transfer Protocol (TFTP) Port
69 UDP
Routing Information Protocol (RIP) Port
520 UDP
Where does Packet Filtering Occur
Works at Layer 3 (Network) and Layer 4 (Transport) of the OSI Model; Internet and Transport Layers of the TCP/IP Model.
Access Control Entries
aka: ACL Statements; the permit or deny statements that control the behavior of an ACL. ACEs are evaluated top-down, the first match decides, and an unmatched packet is dropped by the implicit deny at the end of every ACL.
3 Items ACL Extracts from Layer 3 Packet Header
- Source IP
- Destination IP
- ICMP Message Type
2 Items ACL May Extract from Layer 4 Header
- TCP / UDP Source Port
- TCP / UDP Destination Port
2 Directional Forms of ACLs
- Inbound ACLs
- Outbound ACLs
Inbound ACL
ACL whose entries are processed on arrival at the interface, before the packet is routed to an outbound interface. A denied packet is dropped without consuming routing lookup resources.
When is it best to use Inbound ACLs
When the network attached to an inbound interface is the only source of packets that needs to be examined.
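To tie the "Access Control Entries", "Items ACL Extracts" and "Inbound ACL" cards together, here is an added example (not part of the original flashcards or of Cisco IOS) that parses a few constructed extended-ACL lines written in IOS syntax, pulls the listed Layer 3/4 fields out of packet records, and evaluates them top-down with first-match and the implicit deny. Only the `eq` port operator and the `echo`/`echo-reply` ICMP keywords are modelled; the packet format is a plain dict invented for this example.

```python
"""Model of Cisco-style extended ACL evaluation (added example, not IOS code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample ACL in IOS extended-ACL syntax (wildcard masks, not subnet masks).
SAMPLE_ACL = """
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 101 deny   icmp any any echo
access-list 101 permit udp host 192.168.1.10 host 10.0.0.5 eq 69
"""

ICMP_TYPES = {"echo": 8, "echo-reply": 0}  # keyword -> ICMP message type number


@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip", "tcp", "udp" or "icmp"
    src: Tuple[int, int]             # (network as int, wildcard mask as int)
    dst: Tuple[int, int]
    sport: Optional[int] = None      # Layer 4 source port, if the ACE checks it
    dport: Optional[int] = None      # Layer 4 destination port, if the ACE checks it
    icmp_type: Optional[int] = None  # ICMP message type, if the ACE checks it
    text: str = ""                   # original line, for logging


def _parse_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W'."""
    tok = tokens.pop(0)
    if tok == "any":
        return (0, 0xFFFFFFFF)
    if tok == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0))))


def _parse_port(tokens):
    """Consume an optional 'eq <port>' operator (the only operator modelled here)."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        return int(tokens.pop(0))
    return None


def parse_acl(text):
    """Turn 'access-list <n> <action> <proto> <src> [eq p] <dst> [eq p] [icmp-kw]' lines into ACEs."""
    aces = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue
        _, _number, action, proto = tokens[:4]
        rest = tokens[4:]
        src = _parse_addr(rest)
        sport = _parse_port(rest) if proto in ("tcp", "udp") else None
        dst = _parse_addr(rest)
        dport = _parse_port(rest) if proto in ("tcp", "udp") else None
        icmp_type = ICMP_TYPES[rest.pop(0)] if proto == "icmp" and rest else None
        aces.append(Ace(action, proto, src, dst, sport, dport, icmp_type, line.strip()))
    return aces


def _addr_match(spec, addr):
    """Wildcard match: bits set in the wildcard are 'don't care'."""
    net, wild = spec
    return (int(ipaddress.IPv4Address(addr)) | wild) == (net | wild)


def ace_matches(ace, pkt):
    """Compare the ACE against the Layer 3 fields (src, dst, ICMP type) and Layer 4 ports."""
    if ace.protocol != "ip" and ace.protocol != pkt["proto"]:
        return False
    if not _addr_match(ace.src, pkt["src"]) or not _addr_match(ace.dst, pkt["dst"]):
        return False
    if ace.sport is not None and pkt.get("sport") != ace.sport:
        return False
    if ace.dport is not None and pkt.get("dport") != ace.dport:
        return False
    if ace.icmp_type is not None and pkt.get("icmp_type") != ace.icmp_type:
        return False
    return True


def evaluate(aces, pkt):
    """Top-down, first match wins; no match falls through to the implicit 'deny any'."""
    for index, ace in enumerate(aces):
        if ace_matches(ace, pkt):
            return ace.action, index
    return "deny", None  # implicit deny: no ACE index


def filter_inbound(aces, pkts):
    """Inbound ACL: filter on arrival, before routing; returns only packets to be forwarded."""
    return [p for p in pkts if evaluate(aces, p)[0] == "permit"]


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    sample = {"proto": "tcp", "src": "192.168.1.5", "dst": "8.8.8.8", "sport": 40000, "dport": 22}
    print(evaluate(acl, sample))  # SSH is not permitted by any ACE, so the implicit deny drops it
```

Note that the `echo-reply` packet in the test below is dropped by the implicit deny, not by the explicit `deny icmp ... echo` ACE: an ACL that only lists what to block still drops everything else unless a final `permit ip any any` is added.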