ACL Operation

What is ACL Operation – Explained

As discussed in the previous articles, an Access Control List (ACL) is an ordered set of rules that a router applies to traffic entering or leaving an interface, permitting or denying each packet based on fields such as source IP address, destination IP address, protocol and port numbers. A standard ACL matches on the source address only; an extended ACL can also match on destination address, protocol and ports.

The rules act on packets that enter the router through an interface, transit the router, and exit through an interface. An ACL does not filter packets that the router itself originates; only transit traffic is subject to it. An ACL is applied to an interface in the inbound direction, the outbound direction, or both (one ACL per protocol, per interface, per direction):

Inbound ACL

An inbound ACL evaluates incoming packets before the router makes a routing decision for them. This is the more efficient placement: a packet the ACL denies, either by an explicit deny statement or by the implicit deny when no statement matches, is discarded before any routing table lookup is performed.

A packet the inbound ACL permits is handed to the routing process, which selects the outbound interface. Inbound ACLs are the best fit when the traffic to be filtered arrives on a single interface.

Outbound ACL

With an outbound ACL, the router first receives the packet, performs the route lookup and selects the outbound interface; only then is the packet checked against the ACL applied outbound on that interface before it leaves. This placement is the best fit when packets arriving on several inbound interfaces need the same filtering before exiting one outbound interface, since a single outbound ACL replaces an identical inbound ACL on each of those interfaces (at the cost of a route lookup for packets that will then be dropped).

Both inbound and outbound ACLs end with an implicit deny that the router adds automatically after the last configured statement. Statements are evaluated top down and the first match wins, so any packet that matches none of them is dropped. Two practical consequences follow: an ACL needs at least one permit statement, or it blocks all traffic in the direction it is applied; and on Cisco IOS an ACL that is referenced on an interface but contains no entries at all permits everything, so an empty ACL gives no protection. The figure below illustrates the inbound and outbound Access Control List.
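The following Python model is an added example, not code from the article or from any Cisco product. It simulates the operation described above so that the order of events can be checked: inbound ACL before the route lookup, outbound ACL after it, top-down first-match evaluation with an implicit deny, router-originated traffic skipping the outbound ACL, and the empty-ACL case that permits everything. The `Ace`, `Packet` and `Router` classes, the interface names and the addresses are all constructed for the scenario; the wildcard-mask matching follows the Cisco convention (a 0 bit in the mask must match, a 1 bit is "don't care").

```python
# Added example: a simplified model of Cisco-style ACL evaluation on a router.
# Assumptions (hypothetical, not IOS code): extended ACEs match on protocol,
# source, destination (wildcard masks) and an optional destination port.
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_network
from typing import Optional


def wildcard_match(addr: str, net: str, wildcard: str) -> bool:
    """Cisco wildcard-mask match: a 0 bit in the mask must match, a 1 bit is ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(net)) & care)


@dataclass(frozen=True)
class Ace:
    """One access-control entry of an extended ACL."""
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int] = None  # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    from_router: bool = False    # True for traffic the router itself generates


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    return ((ace.proto == "ip" or ace.proto == pkt.proto)
            and wildcard_match(pkt.src, ace.src, ace.src_wc)
            and wildcard_match(pkt.dst, ace.dst, ace.dst_wc)
            and (ace.dport is None or ace.dport == pkt.dport))


def evaluate_acl(acl: list, pkt: Packet) -> str:
    """Top-down, first match wins; a packet matching no entry hits the implicit deny."""
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"


class Router:
    def __init__(self, routes: dict, inbound: dict, outbound: dict):
        self.routes = {ip_network(p): i for p, i in routes.items()}  # prefix -> egress interface
        self.inbound = inbound      # interface -> ACL applied 'in'
        self.outbound = outbound    # interface -> ACL applied 'out'
        self.route_lookups = 0      # how often the routing table was consulted

    def route_lookup(self, dst: str) -> Optional[str]:
        self.route_lookups += 1
        addr = IPv4Address(dst)
        matches = [(n.prefixlen, i) for n, i in self.routes.items() if addr in n]
        return max(matches)[1] if matches else None   # longest prefix wins

    def forward(self, pkt: Packet, ingress: Optional[str]) -> str:
        # Step 1: inbound ACL, evaluated before any routing decision.
        # An ACL that is applied but has no entries permits everything (IOS behaviour),
        # which is why the check is "if acl" rather than "if acl is not None".
        acl = self.inbound.get(ingress)
        if acl and evaluate_acl(acl, pkt) == "deny":
            return f"dropped by inbound ACL on {ingress}"   # no route lookup performed
        # Step 2: route lookup selects the egress interface.
        egress = self.route_lookup(pkt.dst)
        if egress is None:
            return "dropped: no route"
        # Step 3: outbound ACL on the egress interface; router-originated
        # traffic is not subject to it.
        acl = self.outbound.get(egress)
        if acl and not pkt.from_router and evaluate_acl(acl, pkt) == "deny":
            return f"dropped by outbound ACL on {egress}"
        return f"forwarded via {egress}"


def demo() -> dict:
    """Constructed scenario: LAN hosts on Gi0/0 may only send HTTPS; servers on Gi0/2
    have no inbound filter; everything leaving Gi0/1 must be HTTPS."""
    any_ = ("0.0.0.0", "255.255.255.255")
    lan_in = [Ace("permit", "tcp", "192.168.1.0", "0.0.0.255", *any_, 443)]
    wan_out = [Ace("permit", "tcp", *any_, *any_, 443)]
    r = Router({"192.168.1.0/24": "Gi0/0", "10.0.0.0/8": "Gi0/2", "203.0.113.0/24": "Gi0/1"},
               inbound={"Gi0/0": lan_in}, outbound={"Gi0/1": wan_out})
    results = {
        "lan_https": r.forward(Packet("tcp", "192.168.1.10", "203.0.113.5", 443), "Gi0/0"),
        "lan_ssh": r.forward(Packet("tcp", "192.168.1.10", "203.0.113.5", 22), "Gi0/0"),
        "server_dns": r.forward(Packet("udp", "10.1.1.1", "203.0.113.5", 53), "Gi0/2"),
        "router_ssh": r.forward(Packet("tcp", "203.0.113.1", "203.0.113.5", 22, from_router=True), None),
    }
    results["route_lookups"] = r.route_lookups   # only 3: the inbound drop never reached routing
    return results
```

Running `demo()` shows the four outcomes side by side: the permitted HTTPS flow is forwarded, the SSH attempt from the LAN is dropped by the inbound ACL without a route lookup, the DNS packet from the server segment passes the (absent) inbound filter, is routed, and is then dropped by the outbound ACL's implicit deny, and the router's own SSH packet leaves Gi0/1 untouched by that same outbound ACL.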

[Figure: ACL Operation, showing where the inbound and outbound ACLs sit relative to the routing decision]


Asad Ijaz
