Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

What's the difference between standard and extended ACL ? and It's necessary to have a Firewall or just ACL can replace it ?

user-image
Question ajoutée par Amir Ben Khelifa , IT Network Engineer , CNI
Date de publication: 2013/12/07
Saqib Mehmood
par Saqib Mehmood , Technical Team Lead/Safety Supervisor , Xchange Technology Group

Standard ACLs provides basic packet filtering in which match is based on only source IP address.

Extended ACLs allows filtering not only on source address but also on destination addresses, protocol type and source and destination port numbers

Cisco router can act as a firewall with ACLs but not as powerful as actual firewall. Firewalls are specialized devices that come hardened with best security practices and with advanced hardware acceleration for protocols like IPSec and others by default. Actual firewalls support more VPN and security features than a normal router.

Abdullah Al-Bataineh
par Abdullah Al-Bataineh , Senior NOC Engineer , viacloud

Security demands increasing day by day, so ACLs are not the fit solution that you may use to protect your network. Now adays you need to use UTM Firewall to replace the regular one. UTM Features (IPS, Network Antiviruse, Application Firewall, etc...) is a mandatory .

mohammed akram
par mohammed akram , Network Enginee , Digital Oasis Information Technology company

by using extend you can filter it by port  no or protocol  such as tip/ip/ icmp,smnp, like wise we can differentiate . where as in acl without port no and protocol , it also differentiate by no0 to99 for acl where as extended used100 too199 for extended

mohamed ismail R
par mohamed ismail R , Network Security , Accenture

Standard ACLs provides basic packet filtering in which match is based on only source IP address.Extended ACLs allows filtering not only on source address but also on destination addresses, protocol type and source and destination port numbers in this there is an chance of an attack return traffic can be malious. So,prevent from such type of attack we require firewall which going to maintain connction table if they found there is an spoffing in the return traffic if gonna deny the traffic.

TRUST DZUDA
par TRUST DZUDA , Technician , QUIP HIRE PRIVATE LIMITED

a standard access control list only filters packects based on source  whereas an extended  acl filters based both on source and destination. a firewall is still necessary for extra security

Celeste Ann Mascarenhas
par Celeste Ann Mascarenhas , Health Care Assistant, Level 3 Nursing , Carlton Court Care Home

They all phrase the difference in terms of specifying the source address. This is really not the correct perspective. The key difference is that a standard access list specifies only a single address (and optionally a mask) while an extended access list can specify two addresses, two masks,

Standard IP access list provides basic packet filtering abilities based on the source IP address of a packet onl

extended ip access lists allow filtering not only on source addresses but also on destination addresses protocols and even.

Another important point of difference is that individual lines of entry can be deleted in the named lists while this is not possible in standard and extended access control lists. There are also configuration differences between the numbered and named ACLs

A “StandardACL allows you to prioritize traffic by the Source IP address. An “ExtendedACL provides greater control over what traffic is prioritized. Extended ACLs can use any or all of the following parameters: ... Destination IP address

standard IP access list provides basic packet filtering abilities, based on the source IP address of a packet only. As a general rule, apply standard IP access lists close to the destination network to which you wish to permit or deny access.  Standard IP access lists fall into the numerical range 1- ...

Cisco router can act as a firewall with ACLs but not as powerful as actual firewall. Firewalls are specialized devices that come hardened with best security practices and with advanced hardware acceleration for protocols like IPSec and others by default. Actual firewalls support more VPN and security features than a normal router.

More Questions Like This