Match ResultsWildcard MaskAddress
Matches any even-numbered
network in the range of 10.1.2.0 to
10.1.254.0
0.0.254.255 (noncontiguous bits in
mask)
10.1.2.0
Access List Sequence Numbers
The ability to apply sequence numbers to IP access list entries simplifies access list changes. Prior to the IP
Access List Entry Sequence Numbering feature, there was no way to specify the position of an entry within
an access list. If you wanted to insert an entry in the middle of an existing list, all of the entries after the desired
position had to be removed, then the new entry was added, and then all the removed entries had to be reentered.
This method was cumbersome and error prone.
This feature allows users to add sequence numbers to access list entries and resequence them. When you add
a new entry, you specify the sequence number so that it is in a desired position in the access list. If necessary,
entries currently in the access list can be resequenced to create room to insert the new entry.
ACL Supported Types
The switch supports IP ACLs and Ethernet (MAC) ACLs:
•
IP ACLs filter IPv4 traffic, including TCP, User Datagram Protocol (UDP), Internet Group Management
Protocol (IGMP), and Internet Control Message Protocol (ICMP).
•
Ethernet ACLs filter non-IP traffic.
This switch also supports quality of service (QoS) classification ACLs.
Supported ACLs
The switch supports three types of ACLs to filter traffic:
•
Port ACLs access-control traffic entering a Layer 2 interface. You can apply only one IP access list and
one MAC access list to a Layer 2 interface.
•
Router ACLs access-control routed traffic between VLANs and are applied to Layer 3 interfaces in a
specific direction (inbound or outbound).
•
VLAN ACLs or VLAN maps access-control all packets (bridged and routed). You can use VLAN maps
to filter traffic between devices in the same VLAN. VLAN maps are configured to provide access control
based on Layer 3 addresses for IPv4. Unsupported protocols are access-controlled through MAC addresses
using Ethernet ACEs. After a VLAN map is applied to a VLAN, all packets (routed or bridged) entering
the VLAN are checked against the VLAN map. Packets can either enter the VLAN through a switch
port or through a routed port after being routed.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1167
Information About Access Control Lists
To Next Page
Loading...
Need help?
General
