Access Control Lists in details

Access Control Lists (ACLs). 

• Access Control List (ACL) are filters that enable you to control which routing updates or packets are permitted or denied in or out of a network. They are specifically used by network administrators to filter traffic and to provide extra security for their networks. 
• This can be applied on routers (Cisco).

• ACLs provide a powerful way to control traffic into and out of your network; this control can be as simple as permitting or denying network hosts or addresses.  You can configure ACLs for all routed network protocols.

• The most important reason to configure ACLs is to provide security for your network. However, ACLs can also be configured to control network traffic based on the TCP port being used.

 How ACLs works.

• A router acts as a packet filter when it forwards or denies packets according to filtering rules. As a Layer 3 device, a packet-filtering router uses rules to determine whether to permit or deny traffic based on source and destination IP addresses, source port and destination port, and the protocol of the packet. These rules are defined using access control lists or ACLs.

• To simplify how ACL or a router uses packet filtering work, imagine  a guard stationed at a locked door. The guard's instruction is to allow only people whose names appear on a quest list to pass through the door. The guard is filtering people based on the condition of having their names on the authorized list.

• When a packet arrives at the router, the router extracts certain information from the packet header and makes decisions according to the filter rules as to whether the packet can pass through or be dropped. Packet filtering process works at the Network layer of the Open Systems Interconnection (OSI) model, or the Internet layer of TCP/IP.