Access Control List

Access control lists (ACLs) perform packet filtering to control which packets move through a network and to where. The packet filtering provides security by helping to limit the network traffic, restrict the access of users and devices to a network, and prevent the traffic from leaving a network.


ACL filters:

Inbound ACLs filter the traffic before the router makes its forwarding decision.

Outbound ACLs filter the traffic after the router makes its forwarding decision.


An ACL filter condition has two actions: permit and deny. We can permit certain types of traffic while blocking the rest, or we can block certain types of traffic while allowing the rest.

Example Network setup in NetSim:

Create a scenario as per the screenshot below.



Go to the router's properties and enable ACL_Status as shown below.



Set the ACL properties as per the following screenshot and click on ADD. This permits traffic from Wired Node B (11.1.1.2) to Wired Node C (11.2.1.2) on the router's interface 2.

Similarly, set the following properties and click on ADD. This denies traffic from Wired Node B (11.1.1.2) to Wired Node D (11.3.1.2) on the router's interface 3.

Set the following properties, click on ADD and then ACCEPT. This permits traffic from Wired Node C (11.2.1.2) to Wired Node D (11.3.1.2) on the router's interface 3.
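The three rules configured in the steps above, together with the permit/deny and inbound/outbound behaviour described earlier, can be modelled in a few lines so that the expected outcome for each flow is visible before the simulation is run. The following is an added example written for this page; it is not NetSim code. It assumes (the page does not state these) that the rules are outbound ACL entries on the router's egress interface, that rules are evaluated top to bottom with the first match winning, that an interface/direction with no rules passes everything while one that has rules but no match drops the packet (the implicit deny found in common router implementations), and that Wired Node B sits behind router interface 1. The routing table is constructed for the example.

```python
"""Model of the ACL packet filtering described above (added example, not NetSim code).

Assumptions not stated on the page:
- the three configured rules are outbound entries on the egress interface,
- rules are evaluated top to bottom, first match wins,
- no rules on an interface/direction => permit; rules present but no match => deny,
- Wired Node B is reached through router interface 1.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class AclRule:
    action: str        # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    interface: int     # router interface the rule is bound to
    direction: str     # "inbound" (before forwarding) or "outbound" (after forwarding)


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address


# Node addresses from the page.
NODE_B = ip_address("11.1.1.2")
NODE_C = ip_address("11.2.1.2")
NODE_D = ip_address("11.3.1.2")

# The three rules configured in the NetSim steps, modelled as outbound entries (assumption).
ACL: List[AclRule] = [
    AclRule("permit", ip_network("11.1.1.2/32"), ip_network("11.2.1.2/32"), 2, "outbound"),
    AclRule("deny",   ip_network("11.1.1.2/32"), ip_network("11.3.1.2/32"), 3, "outbound"),
    AclRule("permit", ip_network("11.2.1.2/32"), ip_network("11.3.1.2/32"), 3, "outbound"),
]

# Constructed routing table: destination subnet -> egress interface (assumed layout).
ROUTES = {
    ip_network("11.1.1.0/24"): 1,
    ip_network("11.2.1.0/24"): 2,
    ip_network("11.3.1.0/24"): 3,
}


def egress_interface(dst: IPv4Address) -> Optional[int]:
    """Forwarding decision: the interface that leads towards dst, or None if unrouted."""
    for net, iface in ROUTES.items():
        if dst in net:
            return iface
    return None


def evaluate(acl: List[AclRule], pkt: Packet, interface: int, direction: str) -> str:
    """First-match evaluation of the rules bound to (interface, direction)."""
    bound = [r for r in acl if r.interface == interface and r.direction == direction]
    if not bound:
        return "permit"   # no ACL applied here: nothing is filtered
    for rule in bound:
        if pkt.src in rule.src and pkt.dst in rule.dst:
            return rule.action
    return "deny"         # an ACL is applied but no entry matched: implicit deny


def forward(acl: List[AclRule], pkt: Packet, ingress: int) -> str:
    """Inbound ACL -> forwarding decision -> outbound ACL, in the order the page gives."""
    if evaluate(acl, pkt, ingress, "inbound") == "deny":
        return "dropped (inbound ACL)"
    out = egress_interface(pkt.dst)
    if out is None:
        return "dropped (no route)"
    if evaluate(acl, pkt, out, "outbound") == "deny":
        return "dropped (outbound ACL)"
    return f"forwarded via interface {out}"


if __name__ == "__main__":
    flows = [("B->C", Packet(NODE_B, NODE_C), 1),
             ("B->D", Packet(NODE_B, NODE_D), 1),
             ("C->D", Packet(NODE_C, NODE_D), 2)]
    for name, pkt, ingress in flows:
        print(f"{name}: {forward(ACL, pkt, ingress)}")
```

Running the block prints that B->C and C->D are forwarded while B->D is dropped by the outbound ACL on interface 3, which is the flow whose application throughput is expected to be zero. Note the implicit-deny consequence of the assumed semantics: a packet from Wired Node D to Wired Node C is also dropped, because interface 2 has an outbound ACL that only permits B->C. If a flow that should work shows zero throughput, check whether its egress interface carries an ACL with no matching permit entry.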


Simulate the network and observe the application throughput.


The throughput for the first application is zero, since the ACL denies that traffic flow on the router's interface 3.