Access Control Lists (ACLs) for the Series 5300xl Switches 
ACL Operation 
Introduction 
An ACL is a list of one or more Access Control Entries (ACEs), where each 
ACE consists of matching criteria and an action (permit or deny). An ACL 
applies only to the switch on which it is configured. ACLs operate on assigned 
static VLANs, and filter these traffic types: 
■  Routed traffic entering or leaving the switch on a VLAN. (Note that 
ACLs do not screen traffic at the internal point where traffic moves 
between VLANs or subnets within the switch. Refer to “ACL Inbound 
and Outbound Application Points” on page 9-8.) 
■  Switched or routed traffic entering the switch on a VLAN and having 
an IP address on the switch as the destination 
You can apply one inbound ACL and one outbound ACL to each static VLAN 
configured on the switch. The complete range of options per VLAN includes: 
■  No ACL assigned to a static VLAN. (In this case, all traffic entering 
or leaving the switch on the VLAN does so without any ACL filtering, 
which is the default.) 
■  One ACL assigned to filter either the inbound or the outbound traffic 
entering or leaving the switch on a static VLAN. 
■  One ACL assigned to filter both the inbound and the outbound traffic 
entering or leaving the switch on a static VLAN. 
■  Two different ACLs assigned to a static VLAN; one for filtering 
traffic entering the switch and one for filtering traffic leaving the 
switch. 
Note  On a given switch, after you assign an ACL to a static VLAN, the default action 
for all physical ports belonging to the VLAN is to deny any traffic that is not 
specifically permitted by the ACL. (This applies only in the direction of traffic 
flow filtered by the ACL.) 
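The filtering model this section describes, as an added Python illustration that is not part of the manual and not ProCurve code: one ACL per direction per static VLAN, no filtering where no ACL is assigned, implicit deny of anything an assigned ACL does not explicitly permit, and two application points (entry VLAN inbound, exit VLAN outbound) for routed traffic with no check at the internal VLAN-to-VLAN hop. The class names, the addresses, the wildcard-mask notation and first-match evaluation (which this section does not state) are assumptions.

```python
"""
Model of per-VLAN ACL behaviour described in the 5300xl manual section.
Added example, not ProCurve code: the ACE/ACL/Switch classes, wildcard-mask
notation and first-match evaluation are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple

PERMIT, DENY = "permit", "deny"
ANY = ("0.0.0.0", "255.255.255.255")   # wildcard mask: 1 bits = "don't care"


def host(ip: str) -> Tuple[str, str]:
    """Match exactly one address (wildcard 0.0.0.0)."""
    return (ip, "0.0.0.0")


def _in_range(addr: str, net: str, wild: str) -> bool:
    a, n, w = (int(IPv4Address(x)) for x in (addr, net, wild))
    care = 0xFFFFFFFF ^ w            # bits that must match exactly
    return (a & care) == (n & care)


@dataclass
class ACE:
    """One Access Control Entry: matching criteria plus a permit/deny action."""
    action: str
    src: Tuple[str, str] = ANY
    dst: Tuple[str, str] = ANY

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return _in_range(src_ip, *self.src) and _in_range(dst_ip, *self.dst)


@dataclass
class ACL:
    """Ordered list of ACEs; the first matching ACE decides (assumed)."""
    name: str
    entries: List[ACE] = field(default_factory=list)

    def evaluate(self, src_ip: str, dst_ip: str) -> Tuple[str, Optional[int]]:
        for idx, ace in enumerate(self.entries):
            if ace.matches(src_ip, dst_ip):
                return ace.action, idx
        # Per the Note above: once an ACL is assigned, traffic it does not
        # specifically permit is denied in that direction.
        return DENY, None


class Switch:
    """Per static VLAN: at most one inbound and one outbound ACL."""

    def __init__(self) -> None:
        self._bound: Dict[Tuple[int, str], ACL] = {}

    def bind(self, vlan: int, direction: str, acl: ACL) -> None:
        if direction not in ("in", "out"):
            raise ValueError("direction must be 'in' or 'out'")
        self._bound[(vlan, direction)] = acl   # replaces any earlier ACL here

    def filter(self, vlan: int, direction: str, src_ip: str, dst_ip: str) -> str:
        acl = self._bound.get((vlan, direction))
        if acl is None:
            return PERMIT           # default: no ACL assigned, no filtering
        return acl.evaluate(src_ip, dst_ip)[0]

    def route(self, in_vlan: int, out_vlan: int, src_ip: str, dst_ip: str) -> str:
        """Routed traffic is checked where it enters on in_vlan and where it
        leaves on out_vlan; nothing is checked at the internal VLAN-to-VLAN hop."""
        if self.filter(in_vlan, "in", src_ip, dst_ip) == DENY:
            return DENY
        return self.filter(out_vlan, "out", src_ip, dst_ip)


def build_demo() -> Switch:
    """Constructed scenario (assumed addresses): VLAN 10 is a management VLAN
    whose inbound ACL lets only 10.10.10.5 reach the switch address 10.10.10.1
    and lets the 10.10.10.0/24 subnet route to 10.20.0.0/16."""
    sw = Switch()
    mgmt_in = ACL("mgmt-in", [
        ACE(PERMIT, src=host("10.10.10.5"), dst=host("10.10.10.1")),
        ACE(PERMIT, src=("10.10.10.0", "0.0.0.255"), dst=("10.20.0.0", "0.0.255.255")),
    ])
    sw.bind(10, "in", mgmt_in)
    # Pitfall: an ACL with only deny entries drops everything in that direction,
    # because nothing is specifically permitted.
    sw.bind(30, "in", ACL("deny-only", [ACE(DENY, src=host("192.0.2.9"))]))
    return sw


if __name__ == "__main__":
    sw = build_demo()
    print(sw.filter(10, "in", "10.10.10.5", "10.10.10.1"))   # permit
    print(sw.filter(10, "in", "10.10.10.6", "10.10.10.1"))   # deny (implicit)
    print(sw.filter(10, "out", "10.10.10.1", "10.10.10.6"))  # permit (no outbound ACL)
    print(sw.route(10, 20, "10.10.10.7", "10.20.1.1"))       # permit
    print(sw.filter(30, "in", "203.0.113.4", "10.10.10.1"))  # deny (deny-only ACL)
```

The practical check this models: before binding an inbound ACL to a VLAN, make sure it explicitly permits every flow you still need in that direction (management access, routing to other subnets), because the implicit deny takes effect the moment the ACL is assigned, and an ACL consisting only of deny entries blocks all traffic in that direction.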
9-12