This example models a network and simulates an ACL to understand how ACL filters inbound and outbound traffic at a router’s interface.
The network modelled consists of:
- Two subnets with 2 wired nodes, 1 router each and 3 applications.
- ACLs with both permit and deny rules are defined on the interfaces of the router.
NetSim uses the following directions for ACL simulations:
- The direction of the ACL is set to both. This means the ACL applies to both inbound and outbound traffic.
- The direction of ACL is set to Inbound. This means the ACL applies to inbound traffic only.
- The direction of ACL is set to Outbound. This means the ACL applies to outbound traffic only.
Open NetSim, Select Examples->Advanced routing->ACL Configuration then click on the tile in the middle panel to load the example as shown below in Figure 5 -24. Figure 5‑24: List of scenarios for the example of ACL Configuration
The following network diagram illustrates what the NetSim UI displays when you open the example configuration file for ACL as shown Figure 5 -25.
Figure 5‑25: Network set up for studying the ACL Configuration
ACL enabled in Network Layer of Router_5 and were configured as follows as shown Figure 5 -26.
Figure 5‑26: ACL Configuration for Router 5
ACL enabled in Network Layer of Router_6 and were configured as follows as Figure 5 -27.
Figure 5‑27: ACL Configuration for Router 6
Transport protocol set as UDP for APP_1_CBR and APP_3_CBR.
Transport protocol set as TCP for APP_2_CBR.
- Enable the plots and run Simulation for 10 seconds and observe the throughput obtained for the three applications.
Result and Observations#
Figure 5‑28: Application Metrics Table in result window
- The throughput for first application is zero, since the ACL blocks OUTBOUND UDP traffic flow in Router_5 from Wired Node 2 to Wired Node 1
- The throughput for second application is non-zero, since the ACL ‘Permits’ TCP traffic flow in Router_5 and Router6 from Wired Node 1 to Wired Node 3.
- The throughput for the third application is non-zero as ACL ‘Permits’ UDP traffic flow in Router_6 from Wired_Node_4 to Wired_Node_2.