Complex ACLs
Standard and extended ACLs that carry additional functionality are termed complex (or large) ACLs. There are three categories of complex or large ACLs:
i. Dynamic or Lock-and-key ACLs
ii. Reflexive ACLs
iii. Time-based ACLs
What are Dynamic or Lock-and-key ACLs?
Dynamic or Lock-and-key ACLs are an IP traffic filtering feature. This type of access control list relies on three things: Telnet connectivity to the router, user authentication, and extended ACLs. Lock-and-key is configured using IP dynamic extended access lists and can be used in conjunction with standard access lists and static extended access lists.
First, the router is configured with an extended ACL that blocks traffic from users who have not connected to the router over Telnet and authenticated. With lock-and-key configured, the router then reconfigures the interface's existing IP access list to permit designated, authenticated users to reach their designated network(s) or host(s), and reconfigures the interface back to its original state once the user's access period has ended. Dynamic or Lock-and-key ACLs therefore permit traffic only for a limited period.
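The lock-and-key setup described above, as an added example written for this page (a Cisco IOS configuration, not taken from the original text; the interface name, addresses, user name, ACL number and timeouts are assumptions):

```cisco
! Local account used for the Telnet authentication step (assumed user name,
! placeholder secret).
username rmt-user secret CHANGE-ME
!
! Extended ACL applied inbound on the outside interface.
! Line 1: before authentication, only Telnet to the router itself is allowed.
!         Telnet carries credentials in cleartext, so narrow "any" to the
!         source networks you actually expect.
! Line 2: the "dynamic" entry is only a template. Nothing matches it until a
!         user authenticates; "timeout 120" is the absolute lifetime in minutes
!         of any temporary entry created from it.
access-list 101 permit tcp any host 192.0.2.1 eq telnet
access-list 101 dynamic LOCKKEY timeout 120 permit ip any 10.1.1.0 0.0.0.255
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
!
! VTY lines 0-3: authenticate against the local database, then run
! access-enable automatically and disconnect the session. "host" limits the
! temporary entry to the authenticated user's source address; "timeout 5" is
! the idle timeout in minutes.
line vty 0 3
 login local
 autocommand access-enable host timeout 5
!
! Keep one VTY line without the autocommand (reachable via rotary port 3001)
! so administrators are not locked out of the router.
line vty 4
 login local
 rotary 1
!
! Verification: after a user authenticates, "show access-lists 101" shows the
! temporary entry beneath the dynamic line. It is removed when either timeout
! expires, or manually with "clear access-template 101 LOCKKEY".
```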
Advantages of Dynamic ACLs
Some of the many security benefits of Dynamic ACLs over standard and static extended ACLs are:
- The use of an authentication mechanism for individual users.
- Reduction of the opportunity for network break-ins by network hackers.
- In many cases, reduction of the amount of router processing that is required for ACLs.
- Simplified management in large internetworks.
- Creation of dynamic user access through a firewall, without compromising other configured security restrictions.