Access Control Lists (ACLs) are permission-based systems that give employees in an organization different levels of access to files and information. They function as approval slips that grant a user permission to open a specific network device, file, or other resource. Organizations can also use access control lists to define tiers of access that determine what employees can see and edit.
ACLs permit and restrict data flow into and out of network interfaces on devices such as routers and some switches, which is why they are also called “network filters”. When an ACL is configured, the network device analyses the data passing through the interface and compares it against the criteria specified in the ACL. It then decides whether to permit or deny that data passage through the interface.
Uses of an ACL: ACLs provide privacy, security, and clarity for large organizations that hold sizeable amounts of data. Reasons a company might use ACLs include the following.
- Preventing unauthorised users from accessing sensitive data or services. Although employees need to be able to reach the information they require, the company must also protect its critical and sensitive information from outsiders.
- Limiting access, which is helpful when a company shares information with third-party clients. The ACL can restrict a client’s access to the company’s data and prevent them from reaching restricted information.
- Reducing traffic on the network. Some companies have powerful networks, but a large volume of traffic can still slow down processing and hamper business throughput. By controlling which users can reach certain files or systems, network traffic is kept in check and, as a result, network performance improves.
- Avoiding the cost of network upgrades by making full use of the current network. ACLs provide security and increase network performance.
Types of ACL: There are four types, depending on their purpose.
- Standard ACL: Filters traffic using only the source address and is used for simple deployments.
- Extended ACL: Can restrict traffic by both source and destination hosts or entire networks. It can also filter on protocol information such as IP, ICMP, TCP, or UDP.
- Dynamic ACL: Also called a “lock-and-key” ACL; it allows users to access a particular source or destination host after a user authentication process via Telnet.
- Reflexive ACL: Also called an “IP session” ACL, because it filters traffic based on upper-layer session information. It is triggered by sessions originating on the inside of the router, which decides whether to permit the outbound traffic or restrict the inbound traffic. The router then identifies the new traffic flow and creates a new ACL entry for the inbound path, which is removed once the session ends.
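To make the difference between a standard and an extended ACL concrete, here is a small Python model of how a router evaluates a list: entries are checked top to bottom, the first match decides, and a packet that matches nothing is dropped by the implicit deny at the end of every ACL. This is an added illustration, not code from the original page; the `AclEntry`/`Packet` names, the addresses and the sample lists are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class AclEntry:
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR form (standard ACLs use only this)
    dst: Optional[str] = None    # destination network, extended ACLs only
    proto: Optional[str] = None  # "ip" (any), "icmp", "tcp" or "udp"; None = any
    dport: Optional[int] = None  # destination port for tcp/udp, None = any

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None

def entry_matches(e: AclEntry, p: Packet) -> bool:
    """Return True if every field the entry specifies matches the packet."""
    if ipaddress.ip_address(p.src) not in ipaddress.ip_network(e.src):
        return False
    if e.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(e.dst):
        return False
    if e.proto not in (None, "ip") and e.proto != p.proto:
        return False
    if e.dport is not None and e.dport != p.dport:
        return False
    return True

def evaluate(acl: List[AclEntry], p: Packet) -> str:
    """First matching entry wins. A packet that matches nothing hits the
    implicit deny that ends every ACL, so it is dropped."""
    for e in acl:
        if entry_matches(e, p):
            return e.action
    return "deny"

# Constructed sample lists (not from any real deployment).
# Standard ACL: source address only; everything outside 10.1.1.0/24 is implicitly denied.
STANDARD_ACL = [AclEntry("permit", "10.1.1.0/24")]

# Extended ACL: allow HTTPS from the office LAN to one server, block ICMP, permit the rest.
EXTENDED_ACL = [
    AclEntry("permit", "10.1.1.0/24", "192.0.2.10/32", "tcp", 443),
    AclEntry("deny", "0.0.0.0/0", "0.0.0.0/0", "icmp"),
    AclEntry("permit", "0.0.0.0/0", "0.0.0.0/0", "ip"),
]
```

Because ordering decides the outcome, a broad `permit ip any any` placed before a specific `deny` would silently shadow it; `evaluate` reproduces exactly that first-match behaviour.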