Maxitech Electrical Services

9809 1359 or 0419 269 990  
24 hours 7 days - Sydney Wide Service 
On line Bookings 24hs@electricalservices.com.au  

ACL 

1: Requirements Of Access Control Lists:

Access Control Lists are needed on the school district network to permit or deny traffic from certain subnets entering other subnets. In the district WAN, traffic destined for networks outside the district network, such as the internet, will be permitted. Traffic from external networks destined for the internal district network will be prevented from entering the school's network. Within each school, traffic originating from the curriculum LAN will not be permitted to enter the administrative network. Access from the curriculum network will be permitted only to certain servers on the administrative network such as E-mail, Domain Name Services, the Library Server and the Application server. The curriculum network will be allowed to access the Internet. Traffic originating from the administration LAN will be permitted to access any area of the school network. Only established IP traffic will be allowed to enter the administration network from outside the school.


2: District Core Router ACLs

Extended format access control lists will be established on the two routers at the district office that act as the double firewall.

An extended access control list will be placed on the ethernet interface of the internal firewall router. This ACL will permit internal traffic to access the internet and the internet services segment. This access control list will only allow established traffic from external networks to enter the district network.

Another access control list will be placed on the externally exposed firewall router to allow internet traffic to access the Internet Services Segment for services such as E-mail, Domain Name Services and the public district web server. Unestablished network traffic from external networks will not be permitted to enter the wide area network.


3: Router Command Sequence

100.131.8,16,24

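! Curriculum users to the DNS/E-mail, application and library servers
access-list 100 permit ip 100.131.16.0 0.0.7.255 100.131.26.0 0.0.0.3
! Any host in network 100.0.0.0 to the local DNS server
access-list 100 permit ip 100.0.0.0 0.255.255.255 host 100.131.26.1
! Return traffic for established TCP connections
access-list 100 permit tcp any any established
! Administration network to the curriculum network
access-list 100 permit tcp 100.131.24.0 0.0.7.255 100.131.16.0 0.0.7.255
! All other TCP traffic is denied
access-list 100 deny tcp any any

interface ethernet 1
 ip access-group 100 out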


4: Traffic Effects Of ACLs On Schools And District Network

These access control lists will permit curriculum network users to access the DNS/Email server, the application server and the library server. They will also allow anyone within the autonomous system, that is, network 100.0.0.0, to access the local DNS server, both for the purpose of restoring data to the district master server and because these services pose no threat to the rest of the network. The access lists will permit established TCP traffic back to the user requesting the data. Traffic from the administration network will be allowed to pass freely to the curriculum network.

Access control lists on the firewall routers will prevent connections that originate from the internet or other external networks from entering the internal wide area network. External connections will only be allowed to access the Internet Services Segment. The access control lists will also allow packets from outside the wide area network to enter only when they belong to established connections initiated from within the WAN.
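
The traffic effects described above can be checked by evaluating ACL 100 from section 3 entry by entry. The following Python model is an added example, not part of the original page: it implements wildcard-mask matching, first-match-wins ordering and the implicit deny, and it treats the established keyword as "ACK or RST set on a TCP segment" (an assumption of the model). The host addresses in SAMPLES are constructed.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
# ACL 100 as listed in section 3:
# (action, protocol, (src, wildcard), (dst, wildcard), established)
ACL_100 = [
    ("permit", "ip", ("100.131.16.0", "0.0.7.255"), ("100.131.26.0", "0.0.0.3"), False),
    ("permit", "ip", ("100.0.0.0", "0.255.255.255"), ("100.131.26.1", "0.0.0.0"), False),
    ("permit", "tcp", ANY, ANY, True),
    ("permit", "tcp", ("100.131.24.0", "0.0.7.255"), ("100.131.16.0", "0.0.7.255"), False),
    ("deny", "tcp", ANY, ANY, False),
]

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, spec):
    """Wildcard bits set to 1 are ignored; every other bit must equal the base."""
    base, wildcard = spec
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def evaluate(acl, proto, src, dst, tcp_flags=()):
    """Return (action, entry number); the first matching entry wins."""
    for number, (action, acl_proto, s, d, established) in enumerate(acl, 1):
        if acl_proto not in ("ip", proto):
            continue
        # Assumption of this model: 'established' means ACK or RST is set.
        if established and not {"ACK", "RST"} & set(tcp_flags):
            continue
        if wildcard_match(src, s) and wildcard_match(dst, d):
            return action, number
    return "deny", None  # implicit deny at the end of every ACL

# Constructed sample packets: (protocol, source, destination, TCP flags)
SAMPLES = [
    ("tcp", "100.131.16.10", "100.131.26.2", ("SYN",)),
    ("tcp", "100.131.16.10", "100.131.26.9", ("SYN",)),
    ("udp", "100.200.1.1", "100.131.26.1", ()),
    ("tcp", "203.0.113.5", "100.131.24.20", ("ACK",)),
    ("tcp", "100.131.24.20", "100.131.16.10", ("SYN",)),
    ("udp", "100.131.16.10", "100.131.24.20", ()),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(ACL_100, *pkt))
```

The established entry is a stateless check on TCP flags, so it does not confirm that an internal host opened the connection. Non-TCP traffic that matches neither of the first two entries falls through to the implicit deny.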
