
Purpose of ACLs

ACLs, or Access Control Lists, are an important part of the network, mostly because of the security they provide from the outside world, but also because of their ability to control traffic flow and limit who can access what from within the network. The placement of ACLs on our network is used to a) prevent access from outside the school while still allowing Internet access to traffic originating within the school, and b) prevent students from accessing the teachers' network (VLAN) while still providing access to enterprise servers, specifically the DNS server and the mail server. We unfortunately cannot document the effect of the ACLs on the entire district, as we do not yet know the specifications of the WAN for the school district.

Effect of ACLs on network

We have decided to set up a border router to handle all incoming Internet traffic, leaving an internal Layer 3 switch to handle network tasks. Since all VLANs in the network are connected through the same switch, this could result in plenty of traffic for the Layer 3 switch, leaving it vulnerable to any sort of hacker attack, or causing a sluggish response during times of peak Internet access. With a border router to handle Internet requests, and potential outside attacks, the interior Layer 3 switch is left alone to do its job. This network setup is a little different from the traditional setup in that we have added a border router for security purposes. Since we do not have the requirements for the WAN yet, we do not know how this will impact the WAN connection of the school district network.

The ACL on the border router will ensure unwanted traffic from the Internet is stopped at the router, while still allowing established traffic through. Within the network, the ACLs will refuse any connections from the students' VLANs to the teachers' network, except for any connections attempting to access the DNS server or the email server, both located on the teachers' network.
    Router# config t
    Router(config)# interface gi 1/0/1
    Router(config-if)# ip access-group <ACL-NAME> <in|out>

This applies the ACL to the interface connected to the teachers' VLAN, therefore allowing access to the DNS and email servers. The ACL name and direction are not given on this page, so the ip access-group line shows a placeholder for them.
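To make the two policies above concrete, here is an added example that is not part of the original page or the project's own configuration: a small first-match ACL evaluator that encodes the border-router rule (only established TCP traffic is allowed in from the Internet) and the student-VLAN rule (no access to the teachers' VLAN except the DNS and mail servers), then runs constructed sample packets through them. The subnets, server addresses, ACL names and the mail ports (25 and 143) are all assumptions, since the page gives no IP scheme; the matching semantics (first match wins, implicit deny at the end, "established" meaning a TCP segment with ACK or RST set) are those of Cisco IOS extended ACLs, and the equivalent IOS statements are shown in the comments.

```python
# Added example, not from the original page: a first-match ACL evaluator
# modelling the border-router and student-VLAN policies the page describes.
# All addresses, subnets, ACL names and port choices below are constructed
# assumptions; the page itself gives no IP scheme.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

ANY = "0.0.0.0/0"
STUDENTS = "192.168.10.0/24"      # assumed student VLAN subnet
TEACHERS = "192.168.20.0/24"      # assumed teachers' VLAN subnet
SCHOOL = "192.168.0.0/16"         # assumed whole-school range behind the border router
DNS_SERVER = "192.168.20.10/32"   # assumed; on the teachers' VLAN
MAIL_SERVER = "192.168.20.20/32"  # assumed; on the teachers' VLAN


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: int = 0
    established: bool = False  # TCP segment with ACK or RST set


@dataclass(frozen=True)
class Rule:
    action: str                # "permit" or "deny"
    proto: str                 # "ip" matches every protocol
    src: str
    dst: str
    dport: Optional[int] = None
    established: bool = False  # only meaningful for TCP rules

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.established and not p.established:
            return False
        return True


def evaluate(acl: List[Rule], p: Packet) -> str:
    """Return the action of the first matching rule; no match means deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"  # implicit deny at the end of every IOS ACL


# Border router, applied inbound on the Internet-facing interface.
# IOS equivalent (name assumed):
#   ip access-list extended BORDER-IN
#    permit tcp any 192.168.0.0 0.0.255.255 established
BORDER_IN = [
    Rule("permit", "tcp", ANY, SCHOOL, established=True),
]

# Layer 3 switch, applied inbound on the student VLAN interface.
# IOS equivalent (name, hosts and ports assumed):
#   ip access-list extended STUDENTS-IN
#    permit udp 192.168.10.0 0.0.0.255 host 192.168.20.10 eq 53
#    permit tcp 192.168.10.0 0.0.0.255 host 192.168.20.10 eq 53
#    permit tcp 192.168.10.0 0.0.0.255 host 192.168.20.20 eq 25
#    permit tcp 192.168.10.0 0.0.0.255 host 192.168.20.20 eq 143
#    deny   ip  192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
#    permit ip  192.168.10.0 0.0.0.255 any
STUDENTS_IN = [
    Rule("permit", "udp", STUDENTS, DNS_SERVER, dport=53),
    Rule("permit", "tcp", STUDENTS, DNS_SERVER, dport=53),
    Rule("permit", "tcp", STUDENTS, MAIL_SERVER, dport=25),   # SMTP, assumed
    Rule("permit", "tcp", STUDENTS, MAIL_SERVER, dport=143),  # IMAP, assumed
    Rule("deny", "ip", STUDENTS, TEACHERS),   # must precede the permit-any below
    Rule("permit", "ip", STUDENTS, ANY),      # Internet and other VLANs
]


def check_policy() -> dict:
    """Run constructed sample packets through both ACLs and collect verdicts."""
    student, teacher_pc, outside = "192.168.10.25", "192.168.20.50", "203.0.113.5"
    return {
        # student VLAN
        "student_dns": evaluate(STUDENTS_IN, Packet(student, "192.168.20.10", "udp", 53)),
        "student_mail": evaluate(STUDENTS_IN, Packet(student, "192.168.20.20", "tcp", 143)),
        "student_teacher_smb": evaluate(STUDENTS_IN, Packet(student, teacher_pc, "tcp", 445)),
        "student_dns_host_ssh": evaluate(STUDENTS_IN, Packet(student, "192.168.20.10", "tcp", 22)),
        "student_internet": evaluate(STUDENTS_IN, Packet(student, outside, "tcp", 443)),
        # border router
        "inbound_new_tcp": evaluate(BORDER_IN, Packet(outside, student, "tcp", 80)),
        "inbound_reply_tcp": evaluate(BORDER_IN, Packet(outside, student, "tcp", 51234, established=True)),
        "inbound_dns_reply_udp": evaluate(BORDER_IN, Packet(outside, student, "udp", 51235)),
    }


if __name__ == "__main__":
    for name, verdict in check_policy().items():
        print(f"{name:24} {verdict}")
```

Two things the sample packets bring out. First, rule order matters: the deny for the teachers' VLAN has to sit before the permit-any, or students reach every teacher host; and because the permits name the server hosts and ports, a student reaching the DNS server's SSH port is still denied. Second, the border rule permits only TCP segments with ACK or RST set, so a UDP DNS reply from the Internet is dropped; a real deployment would need an explicit permit for return traffic, or a stateful mechanism (reflexive ACLs or a zone-based firewall) in place of the plain "established" keyword.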