Question
2. All routers today implement policies for packet filtering and forwarding and most of them use what are called Access Control Lists (ACLs) to configure these policies. Do some research on a commercially available router that uses ACLs (pick the router vendor of your choice) and describe in detail how ACLs are used and how the packet filtering is done. Include specific examples of the ACLs in your answer, but note that you do not need to describe how the hardware implements the packet filtering and forwarding.
Make sure to identify the router you are describing. Note that most of the routers meant for home networks do not allow users to configure or view the actual ACLs; rather, they use a simple GUI interface to set router policy; such a device would not be a good example for this question. Also, many of the commercial routers also provide a GUI interface for setting ACLs. For this question it is important that you describe the use of the ACL, not the GUI interface.
Explanation / Answer
Solution:
1)
-Cisco RV110W Wireless-N VPN Firewall
-Cisco 1721 VPN Router
-Cisco Small Business RV220W Wireless-N Network Security Firewall - wireless router - none - 802.11 a/b/g/n - desktop
-TP-Link TL-WR340G - wireless router - none - 802.11b/g - desktop
We have picked Cisco as the vendor of choice.
2)
What Access Lists Do
Access lists filter network traffic by controlling whether routed packets are forwarded or blocked at the router's interfaces. Your router examines each packet to determine whether to forward or drop the packet, based on the criteria you specified within the access lists.
Access list criteria could be the source address of the traffic, the destination address of the traffic, the upper-layer protocol, or other information. Note that sophisticated users can sometimes successfully evade or fool basic access lists because no authentication is required.
Why You Should Configure Access Lists
There are many reasons to configure access lists—for example, you can use access lists to restrict contents of routing updates, or to provide traffic flow control. But one of the most important reasons to configure access lists is to provide security for your network; this is the reason focused on in this chapter.
You should use access lists to provide a basic level of security for accessing your network. If you do not configure access lists on your router, all packets passing through the router could be allowed onto all parts of your network.
For example, access lists can allow one host to access a part of your network, and prevent another host from accessing the same area. In Figure 6, Host A is allowed to access the Human Resources network and Host B is prevented from accessing the Human Resources network.
ACL working includes:
Masks, ACL summarization, Edit ACLs, Process ACLs.
PACKET FILTERING:
This technique uses a router that has ACLs (Access Control Lists). These routers have the capability to allow only certain kinds of packets to pass, depending upon various types of information such as destination address, destination port, sender address, etc. This feature is performed at the lower layer of ISO/OSI (transport layer or session layer). Since it is employed at the lower layer, it has less overhead, and since packet filtering is done with the help of routers, which are specialized in sending selective packets, it is faster.
However, the problem with packet filtering is that there is no means to verify or guarantee the source address.
Router Discussed:
-Cisco RV110W Wireless-N VPN Firewall
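The Host A / Host B scenario from the answer, worked through as an added example that is not part of the original answer or Cisco's documentation: a small Python model of how ACL entries with wildcard masks are processed top-down, first match wins, with an implicit deny at the end. The entries follow the form of Cisco IOS numbered extended ACL lines, simplified to the `ip` protocol keyword only; the ACL number, all addresses, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed ACL in the style of Cisco IOS numbered extended ACL entries.
# Sample values (assumptions): Host A = 192.168.1.10, Host B = 192.168.1.20,
# Human Resources network = 10.10.20.0 with wildcard mask 0.0.0.255.
ACL_TEXT = """
access-list 101 permit ip host 192.168.1.10 10.10.20.0 0.0.0.255
access-list 101 deny ip host 192.168.1.20 10.10.20.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
"""

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return int(ipaddress.IPv4Address(word)), wildcard

def parse_acl(text):
    """Parse the simplified entries into (action, source, destination) tuples."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if (len(tokens) < 6 or tokens[0] != "access-list"
                or tokens[2] not in ("permit", "deny") or tokens[3] != "ip"):
            raise ValueError(f"unsupported entry: {line}")
        rest = tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        entries.append((tokens[2], src, dst))
    return entries

def _matches(addr, base, wildcard):
    # Wildcard bit 0 = bit must match, 1 = bit is ignored (inverse of a subnet mask).
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(entries, src, dst):
    """Return (action, entry number) of the first match, else the implicit deny."""
    for number, (action, s, d) in enumerate(entries, 1):
        if _matches(src, *s) and _matches(dst, *d):
            return action, number
    return "deny", None  # no entry matched: implicit deny ends every ACL
```

The decision uses only the address fields carried in the packet header, so any packet bearing Host A's source address receives Host A's result; this is the unauthenticated-source limitation the answer notes.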