What is Access Control List (ACL) in networking?

You may have heard about the Access Control List or ACL. It is used to control permissions to a computer system or network, but do you know what is Access control list?

As we know, the Internet is a network of networks, and routers play a vital role in having connectivity between different networks. Routers are used in industries, universities, businesses, corporate offices, schools, colleges, etc., to connect their different branches from different locations. As a router sends traffic from one network to another, sometimes we need to monitor and control this traffic for security purposes.

So, we use ACLs, i.e., Access Control List, to control and monitor this traffic. So, let's understand what is Access control list.

What is Access Control List?

ACLs are rules defined for controlling network traffic to reduce network attacks. Using a set of rules specified for the network's incoming or outgoing traffic, ACLs filter this traffic.

Using an ACL is primarily intended to secure your network. Without it, any traffic is allowed to either enter or exit the network. Access control lists are employed on computer networks to forbid or permit particular network traffic. They filter the traffic on the basis of the traffic's origin and destination.

In the current times, Network interfaces and operating systems, like Linux and Windows, are also equipped with ACLs. A user or group of users' names make up one or more access control entries (ACEs) that are contained within each ACL.

The access privileges are specified for each user, group, or role in a string of bits known as an access mask. The person who creates the access control list for an item is often the system administrator or the object owner.

Now that you have a better idea of what is access control list, it is time to understand its purpose.

What is the purpose of Access Control List?

ACLs or Access control Lists can be used for two purposes, namely:

1. To filter traffic
2. To identify traffic

As mentioned above, access lists are a set of rules organized in a rule table. A condition, either permit or deny, is provided by each rule or line in an access list.

• When an access list is used to filter the traffic -
  • a permit statement is used to "allow" traffic,
  • Whereas, to "block" traffic, a deny statement is used.
• In a similar way, when identifying traffic with an access list -
  • a permit statement is used to include traffic
  • A deny statement, on the other hand, makes it clear that the traffic should "not" be included.

We hope you have a better understanding of what is the purpose of the Access control list. Moving on, let's see the types of Access Control List.

Types of Access Control List in Networking

Two common types of named access lists are available.

1. Standard Access list

These Access-lists were created solely utilizing the source IP address. These ACLs either allow or disallow the whole set of protocols. There is no distinguishing between the IP traffic like TCP, UDP, HTTPS, etc. Using numbers 1-99 or 1300-1999; the router will recognize it as a standard ACL and the provided address as the source IP address.

IP standard access list -

• 1–99 (normal range)
• 1300-1999 (Expanded Range)

2. Extended Access list

This ACL makes use of source IP, destination IP, source port, and destination port. With these ACL types, we can also mention which IP traffic should be allowed or denied. These use range from 100-199 and 2000-2699.

IP extended access list -

• 100-199 (normal range)
• 2000-2699 (Expanded Range)

These are the two types of ACL. Let's also take a look at categories of Access lists.

Numbered and named access lists are the two types available.

1. Numbered access-list

These are the access list that cannot be modified when created, i.e., if we want to remove any rule from an Access-list, then this is not allowed in the case of the numbered access list. The whole access list gets deleted if we try to delete a rule from the access list. Both standard and extended access lists can use the numbered access list.

2. Named access list

An access list is given a name in this kind of access list so that it may be recognized. It is allowed to modify a named access list, unlike numbered access list. Like numbered access lists, these can also be used with both standards and extended access lists.

If you are still with us, you have seen most of the important aspects of ACL, such as What is Access Control List, what are the types of Access Control List in networking, and their purpose. Now, spare a few more minutes and check out these essential in-depth insights on ACL.

Important rules to understand ACL

• Filtering traffic is the primary use of access lists, so when filtering traffic, access lists are applied on interfaces.  A packet travels through a router, which checks the top line of the rule list first before moving down the list until a match is found.
• Once a match is made, the packet is either permitted or denied.
• All access lists have an implied "deny all" at the end.
• Either inbound (packets received on an interface before routing) or outgoing (packets leaving an interface after routing), access lists are applied.
• Per interface, protocol, and direction, a single access list is permitted.
• In general, standard Access-list is used near the target (but not always).
• Typically, an extended Access-list is used near the source (but not always).
• If we are utilising a numbered Access-list, we are unable to remove a rule from it. The entire ACL will be erased if we attempt to remove a rule. If we use named access lists, we can delete a specific rule.
• Before adopting access lists, thoroughly analyse the entire scenario because every new rule that is added will be placed at the bottom of the access list.
• Since every access list contains an implicit deny at the conclusion, we need to include a permit statement in our Access-list at the very least to avoid blocking all traffic.
• The names of standard and extended access lists must be different.

Access Control List Frequently Asked Questions

What is access control list?

Access Control List contains the set of rules that defines whether to grant or deny access to any kind of traffic. ACLs are mainly used either to provide access to traffic or to filter it out.

What is access control list example?

Some of the most common examples of access control lists are web servers, VPN systems, remote access systems, and DNS servers. Consider any company's network; they have a lot of sensitive files, and not every department is allowed to access that data. So, ACLs are used to filter data to certain destinations.

Where is access control list?

The access control list can be found in a firewall router or any router that connects two networks. In these routers, ACLs allow the filtration of traffic by allowing or denying entry to specific resources on the network.

What is the function of access-list?

Access lists are installed in networking devices such as Routers and switches, to filter the traffic. Their function is to allow or deny traffic access for a specified network resource. This is done by using the pre-defined rules and source/destination of the traffic.

You can also take a look at this video to have more insights on Access Control List.

We certainly believe you have a good idea about Access Control List now. If you want to learn in-depth about such topics, you should join our CCNA training. Please spare a moment and do let us know about your experience in the comment box below. We would love to hear from your side.