IPv4 Access Control Lists (ACLs)
Terminology
Inbound Traffic: For the purpose of defining where the switch applies IPv4
ACLs to filter traffic, inbound traffic is a packet that meets one of the
following criteria:
• Static Port ACL: Inbound traffic is a packet entering the switch on the
port.
• Dynamic Port ACL: Where a RADIUS server has authenticated a client
and assigned an ACL to the port to filter the client’s IPv4 traffic,
inbound traffic is a packet entering the switch from that client.
NAME-STR: A term used in extended ACL syntax statements to represent the
“name string”; the alphanumeric string used to identify the ACL. See also
identifier and ACL-ID.
Named ACL: An ACL created with the ip access-list < extended | standard >
< name-str > command and then populated using the < deny | permit >
command in the Named ACL (nacl) CLI context. (Refer to “Entering the
IPv4 “Named ACL” (nacl) Context” on page 9-46.)
Numbered ACL: An ACL created and initially populated by using the access-
list < extended < 100 - 199 > | standard > < 1-99 >> command. (Refer to
“Creating or Adding to an Standard, Numbered ACL” on page 9-50.) After
a numbered ACL has been created, the switch manages it in the same way
as a named ACL, meaning that it can be applied and edited in the same
way as a named ACL.
Permit: An ACE configured with this action allows the switch to forward a
packet for which there is a match within an applicable ACL.
Permit Any Forwarding: An ACE configured with this action causes the
switch to forward IP packets that have not been permitted or denied by
earlier ACEs in the list. In a standard ACL, this is permit any. In an extended
ACL, it is permit ip any any.
RADIUS-Assigned ACL: See “Dynamic Port ACL”.
remark-str: The term used in ACL syntax statements to represent the variable
“remark string”; a set of alphanumeric characters you can include in a
remark in an ACL. A remark string can include up to 100 characters and
must be delimited by single or double quotes if any spaces are included
in the string.
SA: The acronym for Source Address. In an IPv4 packet, this is the source
IPv4 address carried in the IP header, and identifies the packet’s sender.
In a standard ACE, this is the IPv4 address used by the ACE to determine
9-12
To Next Page
Loading...
