Extended Acl

Ip access control list performs many functions in Cisco routers, with the most common use as a packet filter. Engineers may enable ACLs on a router so that the ACL sits in the forwarding path of packets as they pass through the router (CCNA ICND 2 pg. 254) Good locations to add ACL’s in the Cleveland office is to place them before the routers makes its forwarding decision, or outbound after the router makes its forwarding decision and has directed the packet out that interface.

The ACL’s that need to be installed in the Cleveland office are standard number ACL’s. As I stated before standard ACL’s are normally placed by the inbound destination of the packets so they are not discarded and also by the outbound destination. Another ACL that would work well with the Cleveland office would be the extended ACL. Extended ACL are different from standard ACL because packets header fields are larger in variety. They also use the first match logic because a router will stop the search thought out the list once the first match is found. Example of an extended ACL would be:

R1#config t

R1(config)#access-list 101 deny ip host 10.0.0.3 40.0.0.3

R1(config)#access-list 101 permit ip host any any

R1 (config)#interface fastethernet 0/0

R1 (config-if)#ip access-group 101 in

R1 (config-if)# exit

Because the creation of ACL’s it is highly recommended that a policy and procedures be implemented so the Cleveland network will not have any issue.

Responsibility of ACL’s

* Security

* Creation

* Maintenance

These steps are the reasonability of the Network Engineer and Admin, if any issue with the new ACL that are applied to the Network, employees should get in contact with the Network Admin (Ken Rodgers) by email or phone with any concerns and question regarding the new procedures.

AU-Policy

* Network Engineers and Administer

Only Network Engineers and Administer are authorize to make changes to the Network with the approval of the Senior...