Guidelines for ACL Creation
Summary
This topic explain how to create ACLs. Start learning CCNA 200-301 for free right now!!
Limited Number of ACLs per Interface
In a previous topic, you learned about how wildcard masks are used in ACLs. This topic will focus on the guidelines for ACL creation. There is a limit on the number of ACLs that can be applied on a router interface. For example, a dual-stacked (i.e., IPv4 and IPv6) router interface can have up to four ACLs applied, as shown in the figure.
Specifically, a router interface can have:
- one outbound IPv4 ACL
- one inbound IPv4 ACL
- one inbound IPv6 ACL
- one outbound IPv6 ACL
Assume R1 has two dual-stacked interfaces that require inbound and outbound IPv4 and IPv6 ACLs applied. As shown in the figure, R1 could have up to 8 ACLs configured and applied to interfaces. Each interface would have four ACLs; two ACLs for IPv4 and two ACLs for IPv6. For each protocol, one ACL is for inbound traffic and one for outbound traffic.
ACL Best Practices
Using ACLs requires attention to detail and great care. Mistakes can be costly in terms of downtime, troubleshooting efforts, and poor network service. Basic planning is required before configuring an ACL.
The table presents guidelines that form the basis of an ACL best practices list.
Guideline | Benefit |
---|---|
Base ACLs on the organizational security policies. | This will ensure you implement organizational security guidelines. |
Write out what you want the ACL to do. | This will help you avoid inadvertently creating potential access problems. |
Use a text editor to create, edit, and save all of your ACLs. | This will help you create a library of reusable ACLs. |
Document the ACLs using the remark command. | This will help you (and others) understand the purpose of an ACE. |
Test the ACLs on a development network before implementing them on a production network. | This will help you avoid costly errors. |
Ready to go! Keep visiting our networking course blog, give Like to our fanpage; and you will find more tools and concepts that will make you a networking professional.