ACL - PowerPoint PPT Presentation

vielka-cline
Presentation Transcript

  1. ACL. CK NG, Technical Marketing. Speaker 2006/XX/XX, Speaker 2007/XX/XX. www.Edge-Core.com

  2. Access Control List
     • The Benefits of ACL
       • Firewall from the edge
       • Prevent unauthorized devices from accessing the network
       • Restrict access to network resources
       • Prevent virus or hacker attacks
       • Isolate traffic between subnetworks
       • Offload the burden of the firewall
       • Filter unwanted packets at the edge that cannot be controlled by the firewall
     • 3 Types of ACL
       • MAC Access Control List
       • IP Standard Access Control List
       • IP Extended Access Control List

  3. ACL Definition
     • A list of ACEs
     • Each ACE specifies permit or deny and a set of conditions the packet must satisfy in order to match the ACE
     • The syntax of an ACE can be extended
     • Examples of ACEs
       • L3 ACE: “permit tcp any host 10.1.1.1”
       • L2 ACE: “deny 00-10-11-00-00-01 any vid 3”
     • An ACL is a sequential list of permit or deny conditions (ACEs) that apply to IP addresses, MAC addresses, or other more specific criteria.
     • If a list contains all permit rules, a packet will be accepted as soon as it passes any of the rules.
     • However, if a list contains all deny rules, then a packet will be rejected as soon as it fails any one of the rules.

  4. ACL Flow
     [Flowchart. Labels: Incoming Packet; Match the First ACE, Match the Second ACE, …, Match the Last ACE (with Y and N branches); Permit, Outgoing Packet; Deny, Packet Discard]

  5. MAC ACL
     • MAC Access Control List
       • Source/Destination MAC and bitmask
       • CoS/VID/Ether-type and bitmask
     [Frame diagrams: Preamble | DEST MAC | SRC MAC | Type | DATA | CRC; Preamble | DEST | SRC | 8100 | PID/VID | Type | DATA | CRC]

  6. MAC ACL
     [Topology diagram: Internet, RADIUS Server, ES4626-SFP, ES4524D; Access, Distribution and Core layers; host with MAC Address 0010B5010102]
     Rule shown: Deny 00-10-b5-01-01-02

  7. IP Standard ACL
     • IP Standard Access Control List
       • Source IP and subnet mask
     [Frame diagram: Preamble | DEST | SRC | Type 0800 | IP Header | DATA | CRC; callouts: SIP, DIP]

  8. IP Standard ACL
     [Topology diagram: Internet, RADIUS Server, ES4626-SFP, ES4524D; Access, Distribution and Core layers; host with IP Address 192.168.1.100]
     Rule shown: Deny host 192.168.1.100

  9. IP Extended ACL
     • IP Extended Access Control List
       • Source/Destination IP and subnet mask
       • Service Type: ToS, Precedence bits, DSCP and bit mask
       • Protocol number: TCP/UDP/Others
       • Source/Destination port number and bit mask
       • Control code and bit mask
     [Frame diagram: Preamble | DEST | SRC | Type 0800 | IP Header | TCP/UDP Header | DATA | CRC; callouts: TOS (IP Precedence, DSCP), Src Port, Dest Port]

  10. IP Extended ACL
     [Topology diagram: Internet, Server, ES4626-SFP, ES4524D; Access, Distribution and Core layers]
     Configuration shown:
       access-list ip extended netbios_filter
       deny any any destination-port 135
       deny any any destination-port 137
       deny any any destination-port 138
       deny any any destination-port 139
       deny any any destination-port 445
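
An added example (not from the original slides or from Edge-Core) of the first-match evaluation described on slides 3 and 4, run over the slide 3 L3 ACE and the slide 10 netbios_filter entries. The packet dictionaries are constructed sample data, and the action taken when no ACE matches is passed in as an explicit `default` because the slides do not state it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class ACE:
    """One access control entry; None or 0.0.0.0/0 means 'any'."""
    action: str                       # "permit" or "deny"
    proto: Optional[str] = None
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dst_port: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        return ((self.proto is None or self.proto == pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dst_port is None or self.dst_port == pkt["dst_port"]))


def evaluate(acl, pkt, default):
    """First match wins: return (action, index of the ACE that decided)."""
    for index, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, index
    # No ACE matched. The slides do not state this case, so it is a parameter.
    return default, None


# Slide 10: netbios_filter
NETBIOS_FILTER = [ACE("deny", dst_port=p) for p in (135, 137, 138, 139, 445)]
# Slide 3: "permit tcp any host 10.1.1.1"
PERMIT_HOST = ACE("permit", proto="tcp", dst="10.1.1.1/32")

# Constructed sample packets (not from the slides).
SMB = {"proto": "tcp", "src": "192.168.1.100", "dst": "10.1.1.1", "dst_port": 445}
WEB = {"proto": "tcp", "src": "192.168.1.100", "dst": "10.1.1.1", "dst_port": 80}

if __name__ == "__main__":
    # A deny-only list passes other traffic only if the no-match default is permit.
    print(evaluate(NETBIOS_FILTER, SMB, "permit"))
    print(evaluate(NETBIOS_FILTER, WEB, "permit"))
    print(evaluate(NETBIOS_FILTER, WEB, "deny"))
    # Order matters: a broad permit placed first shadows the port 445 deny.
    print(evaluate([PERMIT_HOST] + NETBIOS_FILTER, SMB, "deny"))
    print(evaluate(NETBIOS_FILTER + [PERMIT_HOST], SMB, "deny"))
```

When reviewing a real list, check the platform documentation for the no-match action before relying on a deny-only filter such as netbios_filter.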