1 ACL configuration
An access control list (ACL) is an ordered set of rules (permit or deny statements) that identify traffic by criteria such as the source IP address, destination IP address, and port number.
ACLs are used primarily for packet filtering: a packet filter drops packets that match a deny rule and forwards packets that match a permit rule. ACLs are also widely used by other modules, for example QoS and IP routing, to identify the traffic they act on.
NOTE:
Unless otherwise stated, ACLs refer to both IPv4 and IPv6 ACLs throughout this document.
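The permit/deny filtering described above, as an added example that is not part of the configuration guide: a small first-match packet filter in Python. The rule fields (source/destination prefix, protocol, destination port), the top-down first-match evaluation, the caller-chosen default action for packets that match no rule, and all addresses and rules are assumptions constructed for illustration, not behaviour or values taken from the document.

```python
"""Toy first-match packet filter illustrating ACL permit/deny semantics.

Added example, not from the configuration guide. Assumptions: rules are
evaluated top-down and the first matching rule decides, and a packet that
matches no rule receives a caller-chosen default action.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str                       # source IP address (v4 or v6)
    dst: str                       # destination IP address
    protocol: str                  # "tcp", "udp", "icmp", ...
    dst_port: Optional[int] = None # None for protocols without ports


@dataclass(frozen=True)
class Rule:
    """One ACL rule; a field left as None means 'any'."""
    action: str                    # "permit" or "deny"
    src: Optional[str] = None      # CIDR prefix, e.g. "10.0.0.0/24"
    dst: Optional[str] = None
    protocol: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        # Every specified field must match; an IPv6 address is never inside
        # an IPv4 prefix (ipaddress returns False across versions) and vice versa.
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.protocol is not None and self.protocol != pkt.protocol:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return True


class PacketFilter:
    def __init__(self, rules: List[Rule], default_action: str = "deny"):
        for rule in rules:
            if rule.action not in ("permit", "deny"):
                raise ValueError(f"unknown action {rule.action!r}")
        self.rules = list(rules)
        self.default_action = default_action

    def evaluate(self, pkt: Packet) -> str:
        """Return 'permit' or 'deny' for the packet (first match wins, assumed)."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default_action


def example_filter() -> PacketFilter:
    """Constructed rule set: allow HTTPS from one subnet to a web server,
    block all other traffic to the server subnet, permit one IPv6 prefix."""
    return PacketFilter([
        Rule("permit", src="10.0.0.0/24", dst="192.0.2.10/32", protocol="tcp", dst_port=443),
        Rule("deny", dst="192.0.2.0/24"),
        Rule("permit", src="2001:db8::/32"),
    ], default_action="deny")


def reordered_filter() -> PacketFilter:
    """Same rules with the deny placed first: shows that rule order changes
    the verdict under first-match evaluation."""
    rules = example_filter().rules
    return PacketFilter([rules[1], rules[0], rules[2]], default_action="deny")


if __name__ == "__main__":
    pkt = Packet("10.0.0.5", "192.0.2.10", "tcp", 443)
    print("ordered:  ", example_filter().evaluate(pkt))     # permit
    print("reordered:", reordered_filter().evaluate(pkt))   # deny
```

Because the deny rule for 192.0.2.0/24 is broader than the permit above it, moving it to the top shadows the HTTPS permit; checking rule order against a few representative packets like this is the simplest way to catch such shadowing before an ACL is applied.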
ACL classification
ACLs fall into four categories, as shown in Table 1.
Table 1 ACL categories
(Category name missing from the page) Match criteria: source/destination IPv4 address, protocols over IPv4, and other Layer 3 and Layer 4 header fields
(Category name missing from the page) Match criteria: source/destination IPv6 address, protocols over IPv6, and other Layer 3 and Layer 4 header fields
Ethernet frame header ACLs. Match criteria: Layer 2 header fields, such as source and destination MAC addresses, 802.1p priority, and link layer protocol type
ACL numbering and naming
Each ACL category has a unique range of ACL numbers. When creating an ACL, you must assign it a number for identification, and you can also assign the ACL a