What is an ACL Network?

By S.A. Keel
Updated: May 16, 2024

An ACL network is really just like any other computer network, with the exception that the routers and switches running on the network adhere to a predetermined list of access permissions. The network routers are given a list of rules, called an access control list (ACL), that can permit basic admission to or from a network segment as well as the permission to access services that may be available through them. While an ACL can be used in other computer services, such as user permission to access files stored on a computer, in the case of an ACL network, the rules are applied to the network interfaces and ports that communication data travels through.

As data packets travel through controlled ports on a network device of an ACL network, they are filtered and evaluated for permissions. In most cases, this occurs on a network router or switch. Some firewall programs built into an operating system, however, can also be viewed as a form of access control list. When a data packet is entering or leaving an interface on the network device, it is evaluated for its permissions by being checked against the ACL. If those permissions are not met, the packet is denied travel.

An ACL is composed of access control entries (ACEs). Each ACE in the listing contains the pertinent information on permissions for packets entering or leaving the ACL network interface. Every ACE will contain either a permit or deny statement, as well as additional criteria a packet will need to meet. In most cases, packets are evaluated based on common Internet protocol (IP) standards such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and others in the suite. In the most basic type of ACL, only the originating address is checked, whereas in an extended ACL, rules can be established that check the origin and destination addresses as well as the specific ports that the traffic originated from and is destined for.

In an ACL network, the control lists are built up within network routers and switches. Each networking hardware vendor may have separate rules for how an ACL must be constructed. Regardless of which hardware manufacturer or software developer created the programming that processes packets against an ACL, the most important aspect of implementing an ACL network is planning. In cases of poor planning, it is entirely possible for an administrator to log on to a particular router, begin implementing an ACL on that router, and suddenly find himself locked out of that router or some segment of an entire network.
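The planning step described above can be rehearsed offline before anything is typed into a router. The following is an added example, not code from the original article or from any vendor: a simplified model of ACE matching (first matching entry wins, a packet matching no entry is denied) with a check that a draft ACL still permits the administrator's own management session. The `ACE` class, the function names and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ACE:
    action: str                     # "permit" or "deny"
    proto: str                      # "tcp", "udp", or "ip" for any protocol
    src: str                        # source network (CIDR); the only field a basic ACL checks
    dst: str = "0.0.0.0/0"          # extended ACL: destination network
    dst_port: Optional[int] = None  # extended ACL: destination port, None = any

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        return self.dst_port is None or self.dst_port == pkt.get("dst_port")

def evaluate(acl, pkt):
    """Return (action, index of the deciding ACE); no match means deny."""
    for index, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, index
    return "deny", None

def would_lock_out(acl, mgmt_pkt) -> bool:
    """True if the management session would no longer be permitted."""
    return evaluate(acl, mgmt_pkt)[0] != "permit"

# Constructed sample: the admin workstation's SSH session to the router.
ADMIN_SSH = {"proto": "tcp", "src": "192.0.2.10", "dst": "192.0.2.1", "dst_port": 22}

# Draft ACL: the broad deny sits above the management permit.
DRAFT = [
    ACE("permit", "tcp", "192.0.2.0/24", "198.51.100.20/32", 443),
    ACE("deny", "ip", "192.0.2.0/24"),
    ACE("permit", "tcp", "192.0.2.10/32", "192.0.2.1/32", 22),
]
# Same entries, with the management permit moved to the top.
FIXED = [DRAFT[2], DRAFT[0], DRAFT[1]]

if __name__ == "__main__":
    for name, acl in (("draft", DRAFT), ("fixed", FIXED)):
        print(name, evaluate(acl, ADMIN_SSH), "lockout:", would_lock_out(acl, ADMIN_SSH))
```

Both lists contain the same three entries; only their order differs, which is why the draft locks the administrator out and the reordered list does not.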

One of the most common ACL network implementations is built into the proprietary Internetwork Operating System (IOS) created by Cisco Systems®. On Cisco® IOS routers and switches, the ACL is typed in manually by an administrator and is implemented automatically as each item in the list is added. The ACL needs to be implemented incrementally, so that as an individual packet matches an entry, the remainder that fall under the same permissions can follow suit. Any changes to the list mean that it needs to be retyped in its entirety.

While not as secure as a firewall for protecting a network, an ACL is useful in addition to a firewall for a number of scenarios. An administrator can limit traffic to and from certain areas of a larger network or keep traffic originating at certain addresses from leaving the network altogether. Packets can be monitored in an ACL network in order to locate problem areas on the network, identify hosts that are behaving improperly or track down client computers that may be infected with a virus that is attempting to spread. An ACL can also be used to specify traffic that needs to be encrypted between nodes on the network.
