The need to protect your Data from outsiders has increased due to the amount of illegal hacking that is performed nowadays. Regardless of type, size, scope, or industry, every company that wants to survive must always be ready to defend and protect its important data.

ACL in networking is a key element used in the security of computer networks.

ACL’s full form in networking is the Access Control List.

ACL means keeping an eye on the data packets that flow in and out the network and compares it with a set of standards. In this article, let us discuss what is ACL, its types and components, and how to implement it in a Router.

In this article let us look at:

  1. What is ACL
  2. Why Use ACL
  3. Where Can You Place ACL
  4. Components of ACL
  5. Types of Access Control List
  6. How to implement ACL on a Router

1) What is ACL

Access Control lists are a kind of Stateless Firewall that monitors every packet flowing in the network and forwards the packet or blocks it based on the rules mentioned. It either allows, restricts, or blocks the packet in the network.

When asked the question about What is Access Control Lists, it is implemented in a router or firewall, every packet is analyzed based on the standard mentioned and the decision is taken. This can be based on the destination address, source, protocols implemented, or any other information. It can be implemented in any networking device like a router, firewalls, hubs, etc.

2) Why Use ACL

As the Access Control Lists definition suggests, Its main purpose is security. Other reasons are –

  • Controls the flow of traffic in the network – It controls every packet that leaves or enters the network, hence can control its flow. No unnecessary or irrelevant packet will be floating in the network. This can also save the host from attacks like DDOS (Denial of Service Attacks), as these attacks occur when hackers overflow the host network with lots of data packets.
  • Lead to better performance of the network – As there is only the restricted traffic that was allowed by the Network Engineers, it leads to better performance of the overall network.
  • Provides an adequate level of Security – The main objective of the Access Control List is to provide security to your network, as Admin can give access and deny access to anyone. You can restrict users, packets from specific networks, or packets following a specific protocol, in the same way, permission to packets can also be given. Earlier, Access Control List was the only way to implement Firewalls, but now there are many other options available. Companies still use ACL along with others like VPN.
  • Monitoring of the packet flow – Access Control lists also help in monitoring the network packets that are entering and exiting the network.

3) Where Can You Place ACL

Access Control List should be placed along with the devices that are facing external networks and need to filter these packets before entering the network. One way is to place it at the edge of the router. A router is placed normally between the DMZ and the Internet. Here, DMZ is a Demilitarized Zone, which acts as a barrier between the private network and public network.

DMZ is divided into two devices, the one that is private and is trusted and the other public one, The Internet.

4) Components of ACL

The implementation of the Access control List is simple and easy. You can define rules and guidelines for multiple entries. For every guideline, you have to specify the following details –

  • Sequence Number: An ACL is identified using its sequence number. This is the first entry you have to submit.
  • ACL Name: You can also define the ACL using an ACL Name, instead of ACL Sequence Number. Some routers allow for ACL Name to have a combination of letters and digits, whereas some only allow letters.
  • Remark: Remarks can also be added to some routers. This helps the Network Engineer to add details about the ACL.
  • Statement: Here statements can be denied or provide access to a particular address, network, or Protocol. Users can also be provided access or denial to enter or exit the network.
  • Network Protocol: Here, you can specify whether to deny or to permit network protocols like TCP, UDP, IP,  ICMP, IPX, NetBIOS, and other protocols.
  • Source or Destination: Here, you can specify if you want to mention rules for a specific Source address or Destination address.
  • Log: Some networking devices are capable of maintaining logs about all the matches ACL found. This can be used in the betterment of the performance.
  • Other Criteria: Here you can mention details that are allowed by advanced ACL like, differentiated services codepoint (DSCP) priority, IP precedence, and Type of Service (ToS).

5) Types of Access Control List

There are four types of Network ACL-

  • Standard ACL – This is the simplest one that provides very little security. It permits or denies the network only based on the Source Address. Here different rules cannot be written for protocol or any other detail. The configuration is as follows
  • Extended ACL – Extended Access Control List provides more options for writing rules like you can permit or deny source and destination for a single host or an entire network. You can also mention rules for protocols like UDP, TCP, etc.
  • Dynamic ACL – Dynamic Access Control List depends upon the above type of ACLs and authentication through Telnet. These sorts of ACLs are frequently alluded to as “Lock and Key” and can be utilized for explicit time spans. These rundowns license admittance to a client to a destination or source just if the client verifies to the gadget through Telnet.
  • Reflexive ACL – Reflexive Access Control List is additionally alluded to as ‘IP session ACLs’. These kinds of ACLs, channel traffic dependent on upper-layer information i.e. from the session layer. They respond to sessions that began inside the switch to whether grant outbound traffic or limit approaching traffic. The switch perceives the outbound ACL traffic and makes another ACL list section for the inbound. At the point when the session completes, the section is taken out. The configuration is as follows 

6) How to implement ACL on a Router

Getting entrance and departure traffic (or inbound and outbound) in a router, is basic for appropriate ACL usage.  When setting rules for an ACL, all traffic streams depend on the perspective of the router’s interface (not different systems). As should be obvious from the image beneath, entrance traffic is the stream originating from a system, regardless of whether it is outer or inward, into the router’s interface. The departure traffic, then again, is the stream from the interface going out into a system. For an ACL to work, apply it to a router’s interface. Since all directing and sending choices are produced using the router’s equipment, the ACL proclamations can be executed a lot quicker.

At the point when you make an ACL section, the source address goes first, and the objective follows. At the point when you make a Deny/Permit rule, you should initially characterize the source, and afterward the objective IP.


Access Control List is basically firewalling, that can protect your network from irrelevant packets and traffics. If used carefully, it is very efficient. For this, you need to understand the flow of incoming and outgoing data. If an ACL list is placed in the wrong place, it can badly affect the performance of the network.

In case, you are interested in Cyber Security then browse through our Master Certificate in Cyber Security (Blue Team), a 520 hours long program with preparation for 7 global certifications.


Are you ready to build your own career?