What Are Complex ACLs? Explained with Examples

9th November 2015

Complex Access Control Lists.

ACLs that add functionality on top of standard and extended ACLs are termed complex or large ACLs. There are three categories of complex or large ACLs:

i.    Dynamic or Lock-and-key ACLs

ii.   Reflexive ACLs

iii.  Time-based ACLs

What are Dynamic or Lock-and-key ACLs?

Dynamic, or lock-and-key, ACLs are an IP traffic filtering feature. This type of access control list relies on Telnet connectivity and authentication.

Lock-and-key is configured on the network using IP dynamic extended access lists. These can be used in conjunction with other standard access lists and static extended access lists.

First, network routers are configured to apply extended ACLs that block traffic from users who try to access the router without using Telnet and authenticating. With lock-and-key configured on the router, however, the router reconfigures the interface’s existing IP access list to permit designated users to reach their designated networks or host(s), and reconfigures the interface back to its original state after the user has gained access.

Dynamic, or lock-and-key, ACLs permit traffic for a particular period.

Advantages of Dynamic ACLs

Some of the many security benefits of Dynamic ACLs over standard and static extended ACLs are:

The use of an authentication mechanism for individual users.
Reduction of the opportunity for network break-ins by network hackers.
In many cases, reduction of the amount of router processing that is required for ACLs.
Simplified management in large internetworks.
Creation of dynamic user access through a firewall, without compromising other configured security restrictions.

Dynamic or Lock-and-key ACL Configuration Examples
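
The sequence described above (block by default, authenticate over Telnet, open a temporary entry, then revert) looks like this in Cisco IOS syntax. This is an added illustration, not configuration from the original article; the addresses, username, password placeholder, list name LOCKANDKEY and interface are constructed lab values.

```cisco
! --- Constructed lab values (assumptions, not from the article) ---
!   router address ......... 192.0.2.1
!   authenticating users ... 198.51.100.0/24
!   protected network ...... 203.0.113.0/24
!
! Local account checked during the Telnet authentication step.
! CHANGE-ME-PLACEHOLDER is a placeholder, not a real credential.
username remoteuser secret CHANGE-ME-PLACEHOLDER
!
! Static entry: before authentication, the only traffic admitted
! on the interface is Telnet to the router itself.
access-list 101 permit tcp any host 192.0.2.1 eq telnet
!
! Dynamic entry template: inactive until access-enable runs.
! "timeout 15" is the absolute lifetime, in minutes, of the
! temporary entry created from this template.
access-list 101 dynamic LOCKANDKEY timeout 15 permit ip 198.51.100.0 0.0.0.255 203.0.113.0 0.0.0.255
!
! Everything else falls through to the implicit deny at the end
! of access list 101.
!
interface Serial0/0/1
 ip access-group 101 in
!
! After a successful login the router runs access-enable, which
! activates the temporary entry and closes the Telnet session.
!   "host"      limits the entry to the source IP that authenticated,
!               instead of the whole 198.51.100.0/24 range.
!   "timeout 5" is the idle timeout in minutes; keep it below the
!               absolute timeout set on the dynamic entry.
line vty 0 4
 login local
 autocommand access-enable host timeout 5
```

While a temporary entry is active, `show access-lists 101` lists it under the dynamic name, and it disappears once either timeout expires.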


Reflexive ACLs

Time-based ACLs
