Access Control Lists (ACLs) | 71
5
Access Control Lists (ACLs)
This chapter describes the access control lists (ACLs), prefix lists, and route-maps.
This chapter contains the following sections:
• IP Access Control Lists (ACLs)
• IP Fragment Handling
• Configure a Standard IP ACL
• Configure an Extended IP ACL
• Configuring Layer 2 and Layer 3 ACLs on an Interface
• Assign an IP ACL to an Interface
• Configuring Ingress ACLs
• Configuring Egress ACLs
• IP Prefix Lists
• ACL Resequencing
• Route Maps
Overview
At their simplest, ACLs, prefix lists, and route-maps permit or deny traffic based on MAC and/or IP
addresses. This chapter describes implementing IP ACLs, IP prefix lists, and route-maps. For MAC ACLS,
refer to “Layer 2” on page 305.
An ACL is a filter containing some criteria to match (examine IP, transmission control protocol [TCP], or
user datagram protocol [UDP] packets) and an action to take (permit or deny). ACLs are processed in
sequence so that if a packet does not match the criterion in the first filter, the second filter (if configured) is
applied. When a packet matches a filter, the switch drops or forwards the packet based on the filter’s
specified action. If the packet does not match any of the filters in the ACL, the packet is dropped (implicit
deny).
The number of ACLs supported on a system depends on your CAM size. For more information, refer to
Content Addressable Memory (CAM).
To Next Page
Loading...
