007 Sequence Number Introduction

An Access Control List is one filter, or a sequence of filters, that are applied to an interface to either block or pass (or when using QoS, apply priority to) packets that match the filter definitions. ACLs are used to restrict network access by hosts and devices and to control network traffic. An ACL contains an ordered list of filters. Each filter specifies either permit or denies and a set of conditions the packet must satisfy in order to match the filter. The meaning of permit or deny entries depends on the context in which the ACL is used - either on an inbound or an outbound interface. When a packet is received on an interface, the switch compares fields in the packet against filters in the ACL to check whether the packet has permission to be forwarded, based on the filter properties. The comparison process stops as soon as the first match is found, and then the action of the ACL is applied. If no entries match, then, for the case of AlliedWare Plus hardware ACLs, the ACL ends in an implicit 'permit all else' clause. So, the unmatched packets are permitted. Because filters in an ACL are applied sequentially and their action stops at the first match, it is very important that you apply the filters in the correct order. For example, you might want to pass all traffic from VLAN 4 except for that arriving from two selected addresses A and B. Setting up a filter that first passes all traffic from VLAN 4 then deny traffic from addresses A and B will not filter out traffic from A and B if they are members VLAN 4. To ensure that the traffic from A and B is always blocked you should first apply the filter to block traffic from A and B, then apply the filter to allow all traffic from VLAN 4. You can assign sequence numbers to filters.

#Ccna #networksecurity #ACLs

Видео 007 Sequence Number Introduction канала IP Core Networks