Access Control Lists (ACLs) | 103
7
Access Control Lists (ACLs)
This chapter describes the Access Control Lists (ACLs), prefix lists, and route-maps.
Access Control Lists (ACLs) are supported on platforms:
e c s z
Ingress IP and MAC ACLs are supported on platforms: e c s z
Egress IP and MAC ACLs are supported on platforms: e s z
Overview
At their simplest, Access Control Lists (ACLs), Prefix lists, and Route-maps permit or deny traffic based
on MAC and/or IP addresses. This chapter discusses implementing IP ACLs, IP Prefix lists and
Route-maps. For MAC ACLS, refer to Layer 2.
An ACL is essentially a filter containing some criteria to match (examine IP, TCP, or UDP packets) and an
action to take (permit or deny). ACLs are processed in sequence so that if a packet does not match the
criterion in the first filter, the second filter (if configured) is applied. When a packet matches a filter, the
switch drops or forwards the packet based on the filter’s specified action. If the packet does not match any
of the filters in the ACL, the packet is dropped ( implicit deny).
The number of ACLs supported on a system depends on your CAM size. See CAM Profiling, CAM
Allocation, and CAM Optimization in this chapter for more information. Refer to Content Addressable
Memory (CAM) for complete CAM profiling information.
This chapter covers the following topics:
• IP Access Control Lists (ACLs)
• CAM Profiling, CAM Allocation, and CAM Optimization
• Implementing ACLs on FTOS
• IP Fragment Handling
• Configure a standard IP ACL
• Configure an extended IP ACL
• Configuring Layer 2 and Layer 3 ACLs on an Interface
• Assign an IP ACL to an Interface
• Configuring Ingress ACLs
• Configuring Egress ACLs
To Next Page
Loading...
