
ACL

ACL. CK NG, Technical Marketing, Edge-Core (www.Edge-Core.com). Speaker 2006/XX/XX; Speaker 2007/XX/XX. Access Control List. The benefits of ACL: firewall from the edge; prevent unauthorized devices from accessing the network; restrict access to network resources.


Presentation Transcript


  1. ACL. CK NG, Technical Marketing. Speaker 2006/XX/XX. Speaker 2007/XX/XX. www.Edge-Core.com

  2. Access Control List
     • The Benefits of ACL
       • Firewall from the edge
       • Prevent unauthorized devices from accessing the network
       • Restrict access to network resources
       • Prevent virus or hacker attacks
       • Isolate traffic between subnetworks
       • Offload the burden of the firewall
       • Filter unwanted packets at the edge, which the firewall cannot control
     • 3 Types of ACL
       • MAC Access Control List
       • IP Standard Access Control List
       • IP Extended Access Control List

  3. ACL Definition
     • A list of ACEs (access control entries)
     • Each ACE specifies permit or deny and a set of conditions the packet must satisfy in order to match the ACE
     • The syntax of an ACE can be extended
     • Examples of ACEs
       • L3 ACE: “permit tcp any host 10.1.1.1”
       • L2 ACE: “deny 00-10-11-00-00-01 any vid 3”
     • An ACL is a sequential list of ACEs, each a permit or deny condition that applies to IP addresses, MAC addresses, or other more specific criteria.
     • If a list contains all permit rules, a packet will be accepted as soon as it passes any of the rules.
     • However, if a list contains all deny rules, then a packet will be rejected as soon as it fails any one of the rules.

  4. ACL Flow (flowchart): an incoming packet is compared with the first ACE, then the second, …, up to the last ACE. At each step, Y (match) → Permit, outgoing packet; N (no match) → compare with the next ACE. If the last ACE does not match either → Deny, packet discarded.
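The first-match walk of slide 4 and the masked matching of slide 3's two example ACEs, written out as an added example (not Edge-Core code; the packet dict layout and field names are assumptions). The example goes a little beyond the slides by expressing every condition as a (value, bitmask) pair, so the same matcher covers host MACs, whole OUIs, host IPs and subnets, and the 12-bit VID; the ACEs from slides 3, 6 and 8 are loaded into one list and sample packets are walked through it:

```python
"""First-match ACL evaluation: each ACE is checked in order, the first ACE
whose conditions all match decides the packet, and a packet matching no ACE
falls to the default action. Constructed example, not Edge-Core's code."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Rule = Tuple[int, int]  # (value, bitmask): only bits set in the mask are compared


def mac_int(mac: str) -> int:
    """'00-10-b5-01-01-02' or '0010B5010102' -> integer."""
    return int(mac.replace("-", "").replace(":", ""), 16)


def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def host_mac(mac: str) -> Rule:
    return mac_int(mac), 0xFFFFFFFFFFFF


def mac_prefix(mac: str, mask: str) -> Rule:
    """MAC plus bitmask, e.g. a whole OUI: ('00-10-b5-00-00-00', 'ff-ff-ff-00-00-00')."""
    return mac_int(mac), mac_int(mask)


def host_ip(addr: str) -> Rule:
    return ip_int(addr), 0xFFFFFFFF


def subnet(addr: str, mask: str) -> Rule:
    return ip_int(addr), ip_int(mask)


def exact(value: int, bits: int) -> Rule:
    return value, (1 << bits) - 1


def masked_match(value: int, rule: Rule) -> bool:
    rv, mask = rule
    return (value & mask) == (rv & mask)


@dataclass
class ACE:
    action: str              # "permit" or "deny"
    conds: Dict[str, Rule]   # packet field -> (value, bitmask); "any" = field not listed
    text: str = ""           # the slide's notation, kept for tracing

    def matches(self, pkt: Dict[str, int]) -> bool:
        return all(f in pkt and masked_match(pkt[f], r) for f, r in self.conds.items())


def evaluate(acl: List[ACE], pkt: Dict[str, int], default: str = "deny") -> Tuple[str, Optional[int]]:
    """Walk the list top-down; return (action, 1-based index of the deciding ACE)."""
    for n, ace in enumerate(acl, 1):
        if ace.matches(pkt):
            return ace.action, n
    return default, None


TCP = 6
# The ACEs from slides 3, 6 and 8, expressed as match conditions.
ACL = [
    ACE("deny", {"src_mac": host_mac("00-10-11-00-00-01"), "vid": exact(3, 12)},
        "deny 00-10-11-00-00-01 any vid 3"),
    ACE("deny", {"src_mac": host_mac("00-10-b5-01-01-02")}, "deny 00-10-b5-01-01-02"),
    ACE("deny", {"src_ip": host_ip("192.168.1.100")}, "deny host 192.168.1.100"),
    ACE("permit", {"proto": exact(TCP, 8), "dst_ip": host_ip("10.1.1.1")},
        "permit tcp any host 10.1.1.1"),
]


def packet(src_mac: str, src_ip: str, dst_ip: str, proto: int = TCP, vid: int = 1) -> Dict[str, int]:
    """Constructed packet summary: just the header fields the ACEs above inspect."""
    return {"src_mac": mac_int(src_mac), "src_ip": ip_int(src_ip),
            "dst_ip": ip_int(dst_ip), "proto": proto, "vid": vid}


if __name__ == "__main__":
    for p in (packet("00-10-b5-01-01-02", "192.168.1.7", "10.1.1.1"),
              packet("00-10-11-00-00-01", "192.168.1.8", "10.1.1.1", vid=3),
              packet("00-aa-bb-cc-dd-ee", "192.168.1.100", "10.1.1.1"),
              packet("00-aa-bb-cc-dd-ee", "192.168.1.9", "10.1.1.2")):
        action, n = evaluate(ACL, p)
        print(action, "by ACE", n if n else "(default)")
```

Order matters: a host that appears in a deny ACE is discarded before any later permit is considered, and a packet that reaches the end of the list is handled by the default, which this example takes as deny.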

  5. MAC ACL
     • MAC Access Control List
       • Source/Destination MAC and bitmask
       • CoS/VID/Ether-type and bitmask
     Frame fields matched (figure): Preamble | DEST MAC | SRC MAC | [8100 | PID/VID (802.1Q tag)] | Type | DATA | CRC

  6. MAC ACL (topology figure): Internet, RADIUS Server, ES4626-SFP and ES4524D switches across the Core, Distribution and Access layers. Example: Deny 00-10-b5-01-01-02 (MAC address 0010B5010102).

  7. IP Standard ACL
     • IP Standard Access Control List
       • Source IP and subnet mask
     Frame fields matched (figure): Preamble | DEST | SRC | Type 0800 | IP Header (SIP, DIP) | DATA | CRC

  8. IP Standard ACL (topology figure): Internet, RADIUS Server, ES4626-SFP and ES4524D switches across the Core, Distribution and Access layers. Example: Deny host 192.168.1.100 (IP address 192.168.1.100).

  9. IP Extended ACL
     • IP Extended Access Control List
       • Source/Destination IP and subnet mask
       • Service type: ToS, IP Precedence bits, DSCP and bitmask
       • Protocol number: TCP/UDP/others
       • Source/Destination port number and bitmask
       • Control code and bitmask
     Frame fields matched (figure): Preamble | DEST | SRC | Type 0800 | IP Header (TOS: IP Precedence, DSCP) | TCP/UDP Header (Src Port, Dest Port) | DATA | CRC

  10. IP Extended ACL (topology figure): Internet, Server, ES4626-SFP and ES4524D switches across the Core, Distribution and Access layers. Example configuration:
      access-list ip extended netbios_filter
       deny any any destination-port 135
       deny any any destination-port 137
       deny any any destination-port 138
       deny any any destination-port 139
       deny any any destination-port 445
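A parser and evaluator for the extended IP ACL of slide 10, added here as an example and not Edge-Core's own code or CLI implementation. It assumes that "any" is any address, "host X" a single address and "A M" an address plus subnet mask; that a destination-port entry written without a protocol keyword applies to both TCP and UDP (the slide omits it); and, following the slide-3 description of an all-deny list, that a list made only of deny entries passes the traffic it does not name, while a mixed list ends in an implicit deny. Ports 135 (RPC endpoint mapper), 137 to 139 (NetBIOS) and 445 (SMB) are the Windows file-sharing services the filter keeps off the edge:

```python
"""Parse and evaluate an extended IP ACL in the slide-10 notation.
Constructed example, not Edge-Core's code; address forms, the missing
protocol keyword and the default action are assumptions stated above."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# The configuration shown on slide 10.
NETBIOS_FILTER = """
access-list ip extended netbios_filter
 deny any any destination-port 135
 deny any any destination-port 137
 deny any any destination-port 138
 deny any any destination-port 139
 deny any any destination-port 445
"""

ANY = ipaddress.IPv4Network("0.0.0.0/0")
TCP_UDP = frozenset({"tcp", "udp"})


@dataclass
class ExtAce:
    action: str                       # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int] = None    # None = any destination port
    protocols: FrozenSet[str] = TCP_UDP

    def matches(self, pkt: Dict) -> bool:
        return (pkt["proto"] in self.protocols
                and ipaddress.IPv4Address(pkt["src"]) in self.src
                and ipaddress.IPv4Address(pkt["dst"]) in self.dst
                and (self.dst_port is None or pkt["dport"] == self.dst_port))


def _parse_addr(tok: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Read one address spec starting at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return ipaddress.IPv4Network(tok[i + 1] + "/32"), i + 2
    # address followed by a dotted subnet mask, e.g. 192.168.1.0 255.255.255.0
    return ipaddress.IPv4Network(f"{tok[i]}/{tok[i + 1]}", strict=False), i + 2


def parse_acl(text: str) -> Tuple[str, List[ExtAce]]:
    """Return (list name, ACEs in configured order)."""
    name, aces = "", []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:3] == ["access-list", "ip", "extended"]:
            name = tok[3]
            continue
        if tok[0] not in ("permit", "deny"):
            raise ValueError(f"unrecognised ACE: {line.strip()}")
        i, protocols = 1, TCP_UDP
        if tok[i] in ("tcp", "udp"):          # optional protocol keyword
            protocols, i = frozenset({tok[i]}), i + 1
        src, i = _parse_addr(tok, i)
        dst, i = _parse_addr(tok, i)
        port = int(tok[i + 1]) if i < len(tok) and tok[i] == "destination-port" else None
        aces.append(ExtAce(tok[0], src, dst, port, protocols))
    return name, aces


def evaluate(aces: List[ExtAce], pkt: Dict) -> Tuple[str, Optional[int]]:
    """First match wins; returns (action, 1-based index of the deciding ACE)."""
    for n, ace in enumerate(aces, 1):
        if ace.matches(pkt):
            return ace.action, n
    default = "permit" if aces and all(a.action == "deny" for a in aces) else "deny"
    return default, None


def blocked_ports(aces: List[ExtAce]) -> List[int]:
    """Destination ports the list denies for traffic from anywhere to anywhere."""
    return sorted({a.dst_port for a in aces
                   if a.action == "deny" and a.dst_port is not None
                   and a.src == ANY and a.dst == ANY})


def pkt(src: str, dst: str, proto: str, dport: int) -> Dict:
    """Constructed packet summary: the fields the extended ACEs inspect."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


if __name__ == "__main__":
    name, aces = parse_acl(NETBIOS_FILTER)
    print(name, "blocks destination ports", blocked_ports(aces))
    for p in (pkt("192.168.1.50", "10.0.0.5", "tcp", 445),   # SMB
              pkt("192.168.1.50", "10.0.0.5", "udp", 137),   # NetBIOS name service
              pkt("192.168.1.50", "10.0.0.5", "tcp", 443)):  # HTTPS, not listed
        print(p["proto"], p["dport"], evaluate(aces, p))
```

Because the slide's list has no permit entry and no source or destination restriction, the filter is only as good as the assumed default: on a switch whose extended ACLs end in an implicit deny, the same five lines would block all TCP and UDP traffic, so the product manual's stated default should be confirmed before the list is applied.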
