
Purpose of Access Control Lists
Access control lists (ACLs) are used on networks to limit network traffic and increase network performance, provide traffic flow control, provide a basic level of security for network access, and decide which types of traffic are forwarded or blocked at the router interfaces. An ACL consists of a series of "permit" or "deny" statements. The list is placed on an interface and can be applied to either incoming or outgoing traffic. Traffic that does not match any of the statements is implicitly denied and dropped. Traffic can be permitted or denied based on any of several factors, including:
The second implementation is designed to control network traffic and increase security by restricting access to the local Administrative network from users on Curriculum networks. Curriculum users will be permitted to send and receive e-mail, request name services from the DNS server, and send requests to the library server on the local Administrative LAN. Curriculum users will also be permitted to request web pages and use FTP to transfer files. IPX traffic to and from Curriculum networks will not be filtered. All other traffic from the Curriculum network will be blocked unless an exception is made on an individual basis. All IPX traffic will also be blocked from entering the Administrative network, as no Administrative users will be using IPX. All ACLs will be controlled at the District office, and the District office will decide on exceptions. This set of ACLs will be placed on each school's router connected to the WAN.
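
The Curriculum-to-Administrative policy above, modelled as a first-match rule list with the implicit deny at the end. This is an added example, not configuration from the original design. All addresses, the port choices (SMTP 25, POP3 110, DNS over UDP 53, library server over HTTP 80, FTP control 21), and the reading that web and FTP are allowed only to destinations outside the Administrative LAN are assumptions; IPX is not modelled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp", or "ip" (any IP protocol)
    src: str             # source network, CIDR
    dst: str             # destination network, CIDR
    port: Optional[int]  # destination port; None matches any port

# Constructed addressing plan (assumption, not from the page).
CURRICULUM = "10.1.0.0/16"
ADMIN = "10.2.0.0/16"
MAIL, DNS, LIBRARY = "10.2.0.10/32", "10.2.0.11/32", "10.2.0.12/32"
ANY = "0.0.0.0/0"

ACL = [
    Rule("permit", "tcp", CURRICULUM, MAIL, 25),     # send e-mail
    Rule("permit", "tcp", CURRICULUM, MAIL, 110),    # receive e-mail
    Rule("permit", "udp", CURRICULUM, DNS, 53),      # name services
    Rule("permit", "tcp", CURRICULUM, LIBRARY, 80),  # library server
    Rule("deny", "ip", CURRICULUM, ADMIN, None),     # rest of Admin LAN
    Rule("permit", "tcp", CURRICULUM, ANY, 80),      # web pages
    Rule("permit", "tcp", CURRICULUM, ANY, 21),      # FTP control channel
]

def evaluate(acl, proto, src, dst, port):
    """Return (action, index of matching rule); index None = implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(acl):
        if r.proto not in ("ip", proto):
            continue
        if s not in ipaddress.ip_network(r.src):
            continue
        if d not in ipaddress.ip_network(r.dst):
            continue
        if r.port is not None and r.port != port:
            continue
        return r.action, i   # first match wins; later rules are not consulted
    return "deny", None      # no statement matched: implicit deny

if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "10.1.5.20", "10.2.0.50", 80))     # Admin host
    print(evaluate(ACL, "tcp", "10.1.5.20", "198.51.100.7", 23))  # no match
```

Because the first matching statement decides, moving the broad web permit above the deny for the Administrative LAN would open port 80 on every Administrative host, so any reordering should be re-checked against the policy.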
