Access-list (ACL) is a set of rules defined for controlling the network traffic and reducing network attacks. ACLs are used to filter traffic based on the set of rules defined for the incoming or out going of the network.
Standard Access-list –
These are the Access-list which are made using the source IP address only. These ACLs permit or deny the entire protocol suite. They don’t distinguish between the IP traffic such as TCP, UDP, Https etc. By using numbers 1-99 or 1300-1999, router will understand it as a standard ACL and the specified address as source IP address.
Features –
- Standard Access-list is generally applied close to destination (but not always).
- In standard access-list, whole network or sub-network is denied.
- Standard access-list uses the range 1-99 and extended range 1300-1999.
- Standard access-list is implemented using source IP address only.
- If numbered with standard Access-list is used then remember rules can’t be deleted. If one of the rule is deleted then the whole access-list will be deleted.
- If named with standard Access-list is used then you have the flexibility to delete a rule from access-list.
Note – Standard Access-list are less used as compared to extended access-list as the entire IP protocol suite will be allowed or denied for the traffic as it can’t distinguish between the different IP protocol traffic.
Configuration –
Here is a small topology in which there are 3 departments namely sales, finance and marketing. Sales department having network 172.16.40.0/24, Finance department having network 172.16.50.0/24 and marketing department having network 172.16.60.0/24. Now, want to deny connection from sales department to finance department and allow others to reach that network.
Now, first configuring numbered standard access – list for denying any IP connection from sales to finance department.