Access Control Lists (ACLs) for the Series 5300xl Switches 
Configuring and Assigning an ACL 
Types of ACLs 
■  Standard ACL: Uses only a packet's source IP address as a criterion 
for permitting or denying the packet. For a standard ACL ID, use either 
a unique numeric string in the range of 1-99 or a unique name string 
of up to 64 alphanumeric characters. 
■  Extended ACL: Offers the following criteria as options for 
permitting or denying a packet: 
•  Source IP address 
•  Destination IP address 
•  TCP or UDP criteria 
For an extended ACL ID, use either a unique number in the range of 
100-199 or a unique name string of up to 64 alphanumeric characters. 
You should carefully plan your ACL application before configuring specific 
ACLs. For more on this topic, refer to “Planning an ACL Application” on page 
9-16. 
ACL Configuration Structure 
After you enter an ACL command, you may want to inspect the resulting 
configuration. This is especially true where you are entering multiple ACEs 
into an ACL. Also, it will be helpful to understand the configuration structure 
when using later sections in this chapter. 
The basic ACL structure includes three elements: 
1.  List type and name: This identifies the ACL as standard or extended and 
shows the ACL name. 
2.  One or more deny/permit list entries (ACEs): One entry per line. 
Element                               Stnd      Ext         Notes 
ID Range                              1 - 99    100 - 199   You can also use an alphanumeric name of up to 64 characters, including spaces. 
Minimum ACEs per ACL                       1 
Maximum ACEs per ACL and per Switch      1024               The switch allows a total of 1024 ACEs across all ACLs. 
3.  Implicit deny any: Where an ACL is in use, the switch denies any packets 
that do not have a match with the ACEs explicitly configured in the ACL. 
The implicit deny any does not appear in ACL configuration listings, but 
9-26
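The ID ranges, ACE limits and implicit deny any described above can be modeled offline to sanity-check a planned ACL. The following is an added example, not code from the switch documentation. The function names are hypothetical, the sample addresses are constructed, networks are written in CIDR form rather than the switch's own syntax, and evaluating ACEs in listed order with the first match winning is an assumption not stated on this page.

```python
import ipaddress

MAX_ACES_PER_SWITCH = 1024   # page: 1024 ACEs total across all ACLs
MAX_NAME_LEN = 64            # page: name string of up to 64 characters


def classify_acl_id(acl_id: str) -> str:
    """Map an ACL ID to 'standard' (1-99), 'extended' (100-199) or 'named'."""
    if acl_id.isdigit():
        number = int(acl_id)
        if 1 <= number <= 99:
            return "standard"
        if 100 <= number <= 199:
            return "extended"
        raise ValueError(f"numeric ACL ID {acl_id} is outside 1-199")
    if not acl_id or len(acl_id) > MAX_NAME_LEN:
        raise ValueError("ACL name must be 1 to 64 characters")
    # The page describes names as alphanumeric, with spaces allowed.
    if not all(ch.isalnum() or ch == " " for ch in acl_id):
        raise ValueError("ACL name must be alphanumeric (spaces allowed)")
    return "named"


def check_limits(acls: dict) -> list:
    """Return the limit violations for a whole-switch set of ACLs."""
    problems = [f"ACL {name!r} has no ACEs (minimum is 1)"
                for name, aces in acls.items() if not aces]
    total = sum(len(aces) for aces in acls.values())
    if total > MAX_ACES_PER_SWITCH:
        problems.append(f"{total} ACEs exceed the switch total of 1024")
    return problems


def evaluate_standard(aces: list, source_ip: str) -> str:
    """Apply a standard ACL (source address only) to one packet."""
    source = ipaddress.ip_address(source_ip)
    for action, network in aces:          # assumed: first matching ACE wins
        if source in ipaddress.ip_network(network):
            return action
    return "deny"                         # implicit deny any: never listed


# Constructed sample: one ACE that permits a single subnet.
SAMPLE_ACL = [("permit", "10.10.20.0/24")]

if __name__ == "__main__":
    for ip in ("10.10.20.7", "10.10.30.7"):
        print(ip, evaluate_standard(SAMPLE_ACL, ip))
```

The second sample address is dropped even though the listing contains no deny entry, which is the behavior to keep in mind when reading a configuration that shows only permit ACEs.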