IPv4 Access Control Lists (ACLs)
Overview
Types of IPv4 ACLs
A permit or deny policy for IPv4 traffic you want to filter can be based on
source address alone, or on source address plus other factors.
Standard ACL: Use a standard ACL when you need to permit or deny IPv4
traffic based on source address only. Standard ACLs are also useful when you
need to quickly control a performance problem by limiting IPv4 traffic from a
subnet, group of devices, or a single device. (This can block all IPv4 traffic
from the configured source, but does not hamper IPv4 traffic from other
sources within the network.) A standard ACL uses an alphanumeric ID string
or a numeric ID of 1 through 99. You can specify a single host, a finite group
of hosts, or any host.
Extended ACL: Use an extended ACL when filtering on IPv4 source address alone
does not provide sufficient traffic selection criteria on an interface.
Extended ACLs allow use of the following criteria:
■ source and destination IPv4 address combinations
■ IPv4 protocol options
Extended, named ACLs also offer an option to permit or deny IPv4 connections
using TCP for applications such as Telnet, HTTP, FTP, and others.
Connection-Rate ACL: An optional feature used with connection-rate filtering,
which is based on virus-throttling technology. Refer to chapter 3, "Virus
Throttling".
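The following Python model is an added example and is not code from the switch or from this guide. It shows the difference between the two ACL types described above: a standard ACL decides on source address only, an extended ACL also compares destination address, IPv4 protocol and TCP destination port, and both are evaluated top-down with the first matching entry deciding and an implicit deny for traffic that matches no entry. The class and function names (Ace, evaluate) and the sample ACLs and packets are constructed for illustration; the address/wildcard-mask notation "A.B.C.D W.W.W.W" is assumed, with 0 bits in the mask meaning "must match".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "any"


def _addr_match(spec: str, addr: str) -> bool:
    """Match one IPv4 address against an ACE address specifier.

    spec is 'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W' (address plus wildcard
    mask: 0 bits in the mask must match, 1 bits are ignored). Assumed notation.
    """
    if spec == ANY:
        return True
    a = int(ipaddress.IPv4Address(addr))
    parts = spec.split()
    if parts[0] == "host":
        return a == int(ipaddress.IPv4Address(parts[1]))
    net, wild = (int(ipaddress.IPv4Address(p)) for p in parts)
    care = ~wild & 0xFFFFFFFF          # bits the ACE cares about
    return (a ^ net) & care == 0


@dataclass(frozen=True)
class Ace:
    """One access control entry (hypothetical model, not switch code)."""
    action: str                        # "permit" or "deny"
    src: str                           # source specifier (see _addr_match)
    dst: str = ANY                     # ignored by standard ACLs
    proto: str = "ip"                  # "ip" matches any IPv4 protocol
    dport: Optional[int] = None        # TCP/UDP destination port, if any

    def matches(self, pkt: dict, extended: bool) -> bool:
        if not _addr_match(self.src, pkt["src"]):
            return False
        if not extended:
            return True                # standard ACL: source address only
        if not _addr_match(self.dst, pkt["dst"]):
            return False
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if self.dport is not None and self.dport != pkt.get("dport"):
            return False
        return True


def evaluate(acl: list, pkt: dict, extended: bool) -> str:
    """First matching ACE wins; anything that matches no ACE is denied."""
    for ace in acl:
        if ace.matches(pkt, extended):
            return ace.action
    return "deny"                      # implicit deny at the end of every ACL


# Constructed sample ACLs.
# Standard: drop one misbehaving host, allow the rest of its subnet.
STANDARD_ACL = [
    Ace("deny", "host 10.1.1.50"),
    Ace("permit", "10.1.1.0 0.0.0.255"),
]

# Extended: block Telnet from 10.1.1.0/24 to the management host 10.1.2.1,
# allow everything else. MISORDERED puts the permit first, so the deny entry
# is never reached; CORRECT places the specific deny before the general permit.
MISORDERED_EXTENDED = [
    Ace("permit", ANY, ANY, "ip"),
    Ace("deny", "10.1.1.0 0.0.0.255", "host 10.1.2.1", "tcp", 23),
]
CORRECT_EXTENDED = [
    Ace("deny", "10.1.1.0 0.0.0.255", "host 10.1.2.1", "tcp", 23),
    Ace("permit", ANY, ANY, "ip"),
]

# Constructed sample packets.
TELNET_TO_MGMT = {"src": "10.1.1.7", "dst": "10.1.2.1", "proto": "tcp", "dport": 23}
HTTP_TO_MGMT = {"src": "10.1.1.7", "dst": "10.1.2.1", "proto": "tcp", "dport": 80}
FROM_BAD_HOST = {"src": "10.1.1.50", "dst": "10.1.2.1", "proto": "tcp", "dport": 80}
FROM_OTHER_NET = {"src": "10.1.3.7", "dst": "10.1.2.1", "proto": "tcp", "dport": 80}

if __name__ == "__main__":
    for name, pkt in [("bad host", FROM_BAD_HOST), ("other net", FROM_OTHER_NET)]:
        print("standard  ", name, evaluate(STANDARD_ACL, pkt, extended=False))
    print("misordered telnet", evaluate(MISORDERED_EXTENDED, TELNET_TO_MGMT, True))
    print("correct    telnet", evaluate(CORRECT_EXTENDED, TELNET_TO_MGMT, True))
    print("correct    http  ", evaluate(CORRECT_EXTENDED, HTTP_TO_MGMT, True))
```

Two points the model makes visible: the standard ACL returns the same decision for a given source regardless of destination or port, because those fields are never examined; and in the extended ACL the order of entries decides the outcome, since a broad permit placed first shadows every more specific deny after it.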
ACL Applications
ACL filtering is applied to IPv4 traffic as follows:
■ Routed ACL (RACL)— on a VLAN configured with an RACL:
• Routed IPv4 traffic entering or leaving the switch. (Routing can be
between different VLANs or between different subnets in the same
VLAN. Routing must be enabled.)