Access Control List (ACL) configuration is not an easy task. Several policies may be required to manage the type of traffic allowed to enter or exit an interface. Suppose we have a router with two interfaces, both configured with IPv4 and IPv6. If we require ACLs for both IPv4 and IPv6, on both interfaces and in both directions (inbound and outbound), each interface requires four ACLs: one IPv4 ACL inbound, one IPv4 ACL outbound, one IPv6 ACL inbound and one IPv6 ACL outbound. That is eight separate ACLs in total. ACLs do not have to be configured for both the inbound and outbound directions; the number of ACLs and the direction in which they are applied to an interface generally depend on the requirements of the network. The general guidelines for using ACLs are as follows:
- Use an Access Control List (ACL) on routers positioned between the internal network and an external network, typically the firewall router.
- Use an Access Control List (ACL) on a router positioned between two parts of your network to control traffic entering or exiting a specific part.
- Access Control Lists (ACLs) can also be configured on border routers, positioned at the edges of the network.
- Configure an Access Control List (ACL) for every network protocol in use on the border router interfaces.
The Three P’s
The three P’s summarise the ACL guidelines: we can configure one ACL per protocol, per direction, per interface:
- One ACL per protocol – To control traffic flow on an interface, an ACL must be defined for each protocol enabled on the interface, for example IP, IPX or AppleTalk.
- One ACL per direction – An ACL controls traffic in only one direction on an interface, so two separate ACLs must be configured to control inbound and outbound traffic.
- One ACL per interface – An ACL controls traffic for a single interface, for example GigabitEthernet 0/0 or FastEthernet 0/1.
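As an added example (not part of the original page), this Cisco IOS configuration shows the three P’s on the dual-stack router described above: four ACLs per interface, eight in total, each bound to exactly one protocol, direction and interface. The interface roles (Gi0/0 inside, Gi0/1 toward the external network), the inside prefixes 192.168.10.0/24 and 2001:DB8:10::/64, and the ACL names are assumptions.

```text
! Constructed example: interface roles, prefixes and ACL names are assumed.
ip access-list extended INSIDE-IN-V4
 permit ip 192.168.10.0 0.0.0.255 any
 deny ip any any log
ip access-list extended INSIDE-OUT-V4
 permit tcp any 192.168.10.0 0.0.0.255 established
 deny ip any any log
ip access-list extended OUTSIDE-IN-V4
 remark drop packets arriving from outside with an inside source (spoofing)
 deny ip 192.168.10.0 0.0.0.255 any log
 permit tcp any 192.168.10.0 0.0.0.255 established
 deny ip any any log
ip access-list extended OUTSIDE-OUT-V4
 permit ip 192.168.10.0 0.0.0.255 any
 deny ip any any log
!
! IPv6: an explicit "deny ipv6 any any" also removes the implicit permit for
! Neighbor Discovery, so ND must be permitted explicitly or the link breaks.
ipv6 access-list INSIDE-IN-V6
 permit icmp any any nd-ns
 permit icmp any any nd-na
 permit ipv6 2001:DB8:10::/64 any
 deny ipv6 any any log
ipv6 access-list INSIDE-OUT-V6
 permit icmp any any nd-ns
 permit icmp any any nd-na
 permit tcp any 2001:DB8:10::/64 established
 deny ipv6 any any log
ipv6 access-list OUTSIDE-IN-V6
 permit icmp any any nd-ns
 permit icmp any any nd-na
 deny ipv6 2001:DB8:10::/64 any log
 permit tcp any 2001:DB8:10::/64 established
 deny ipv6 any any log
ipv6 access-list OUTSIDE-OUT-V6
 permit icmp any any nd-ns
 permit icmp any any nd-na
 permit ipv6 2001:DB8:10::/64 any
 deny ipv6 any any log
!
interface GigabitEthernet0/0
 ip access-group INSIDE-IN-V4 in
 ip access-group INSIDE-OUT-V4 out
 ipv6 traffic-filter INSIDE-IN-V6 in
 ipv6 traffic-filter INSIDE-OUT-V6 out
interface GigabitEthernet0/1
 ip access-group OUTSIDE-IN-V4 in
 ip access-group OUTSIDE-OUT-V4 out
 ipv6 traffic-filter OUTSIDE-IN-V6 in
 ipv6 traffic-filter OUTSIDE-OUT-V6 out
```

Applying a second `ip access-group` in the same direction on an interface replaces the first rather than adding to it, which is the per-direction rule in practice; the `log` keyword on the final deny lines gives the hit counts and syslog entries needed to see what each ACL is actually dropping.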