ACL
ACL (access control list) is a network security and traffic control technology that defines which traffic may enter or leave a network device. It controls the forwarding of data packets through rules that permit or deny specific types of traffic. An ACL is a collection of one or more rules, each of which states a matching condition (such as a source address, destination address, or port number) together with the action to take on traffic that matches it.
How Does ACL Work
If we compare the network to a company, there is a security guard at the company entrance. The guard holds a list of company personnel (the ACL) that specifies who may enter and who may not. When a data packet wants to enter the network, the device checks it against the ACL rules one by one. If the packet matches a rule that permits it, it is allowed in; if it does not meet a permitting rule, it is denied access to the network. Generally speaking, ACL rules are based on the following parameters:
Source IP address: source address of the data packet.
Destination IP address: the destination address of the data packet.
Source port number: source port of the data packet.
Destination port number: destination port of the data packet.
Protocol type: for example TCP, UDP, or ICMP.
Why Do We Need to Use ACL
ACL acts as a filter for devices and can be used to allow or deny specific traffic to or from the network. If ACL is not used, all packets can freely enter and exit the network, which makes the network extremely vulnerable to attacks.
As shown in the figure, to protect its financial data, the company configures an ACL on the router that prohibits access from certain departments and allows only the host in the president's office to access the finance department's server to view financial data. Configuring an ACL on the router can also block ports commonly used by network viruses, preventing malicious traffic from entering the network and protecting the company's internal network.
What Can an ACL Do
ACL can mainly achieve the following functions for the network:
Ensure access security: By setting rules in advance, an ACL can allow or deny users access to a storage server, a network, or a service, which helps avoid the leakage of confidential company information and reduces the risk of unauthorized access.
Prevent network attacks: When a network virus invades the company's internal network, an ACL can block high-risk ports and external traffic to limit the damage.
Improve bandwidth utilization: An ACL can precisely identify and control specific applications based on a predefined priority list. When congestion occurs, it guarantees the service quality of key applications and limits lower-priority traffic, thereby improving bandwidth utilization.
Application of ACL
Using ACL in QoS to Restrict Communication
In the company, the Finance Department and the Sales Department are assigned IP addresses in two different network segments. If access between the departments is unrestricted, there is a risk of information leakage. Therefore, to ensure information security, an ACL can be configured on the router connecting the two departments to restrict mutual access between them.
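The matching and ordered, first-match evaluation described under "How Does ACL Work", applied to the Finance/Sales and president's-office scenarios above, as an added Python model that is not part of the original article or any vendor's ACL implementation. All addresses, the port-445 "virus port" rule and the rule order are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing for this page's scenario (an assumption, not from the original):
#   Finance department 10.1.10.0/24 with its file server at 10.1.10.50
#   Sales department 10.1.20.0/24, president's office host 10.1.30.10

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: str                      # CIDR prefix, or "any" (0.0.0.0/0)
    dst: str
    dport: Optional[int] = None   # None matches every destination port

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

def _net(cidr: str):
    return ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)

def matches(rule: Rule, pkt: Packet) -> bool:
    """Every ACL parameter named on the page (protocol, addresses, port) must match."""
    return (rule.proto in ("any", pkt.proto)
            and ip_address(pkt.src) in _net(rule.src)
            and ip_address(pkt.dst) in _net(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))

def evaluate(acl, pkt: Packet) -> str:
    """Rules are checked top-down and the first match decides; a packet that
    matches nothing is dropped (the implicit deny at the end of an ACL)."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Router ACL for the Finance scenario. Order matters: the president's permit
# must sit above the blanket port-445 deny, or it would never be reached.
FINANCE_ACL = [
    Rule("permit", "tcp", "10.1.30.10/32", "10.1.10.50/32", 445),  # president -> finance server
    Rule("deny",   "any", "10.1.20.0/24",  "10.1.10.0/24"),        # Sales may not reach Finance
    Rule("deny",   "tcp", "any",           "any",           445),  # assumed virus port, blocked
    Rule("permit", "any", "10.1.0.0/16",   "any"),                 # other internal traffic passes
]
```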
Apply ACL to the Firewall
As is well known, the firewall is deployed at the boundary between the internal network and the external network to prevent the external network from attacking the internal network. An ACL also performs traffic filtering, so deploying an ACL on the firewall does not interfere with the firewall's function; rather, it complements it and further strengthens network security. As shown in the figure, an ACL is configured on the firewall that allows only PC A to access the internal network and denies access to all other external hosts.
Conclusion
In general, ACL, as a key part of protecting network security, can filter abnormal traffic and prevent information leakage. It allows or denies user access according to the rules that have been defined, thus protecting the company network from intrusion. If you have any questions about ACL, please feel free to contact QSFPTEK's CCIE/HCIE engineers at [email protected].