Cisco FirePOWER ASA 5500 series

989 pages
Cisco Security Appliance Command Line Configuration Guide (OL-10088-01)

Chapter 16: Identifying Traffic with Access Lists
This chapter describes how to identify traffic with access lists.
This chapter includes the following topics:
Access List Overview
Adding an Extended Access List
Adding an EtherType Access List
Adding a Standard Access List
Adding a Webtype Access List
Simplifying Access Lists with Object Grouping
Adding Remarks to Access Lists
Scheduling Extended Access List Activation
Logging Access List Activity
For information about IPv6 access lists, see the “Configuring IPv6 Access Lists” section on page 12-6.
Access List Overview
Access lists are made up of one or more Access Control Entries (ACEs). An ACE is a single entry in an
access list that specifies a permit or deny rule and is applied to a protocol, a source and destination
IP address or network, and optionally the source and destination ports.
Access lists are used in a variety of features. If your feature uses Modular Policy Framework, you can
use an access list to identify traffic within a traffic class map. For more information on Modular Policy
Framework, see Chapter 21, “Using Modular Policy Framework.”
This section includes the following topics:
Access List Types
Access Control Entry Order
Access Control Implicit Deny
IP Addresses Used for Access Lists When You Use NAT
