Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches 
Planning an ACL Application on a Series 3400cl or Series 6400cl Switch 
It is important to remember that this ACL (like all ACLs) includes an implicit 
deny any. That is, inbound IP packets (including switched packets having the 
switch as the destination IP address) that the ACL does not explicitly permit 
or deny will be implicitly denied, and therefore dropped. You can preempt 
the implicit deny by inserting a “permit IP any” at the end of an ACL, but this 
solution does not apply in the preceding example, where the intention is for 
the switch to allow only explicitly permitted packets inbound on port 12. 
Overriding the Implicit “Deny Any”. If you want an ACL to permit any 
inbound packets that are not explicitly denied by other entries in the ACL, you 
can do so by configuring a permit any entry as the last entry in the ACL. Doing 
so permits any packet not explicitly denied by earlier entries. (On extended 
ACLs, you must configure permit ip any any.) 
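
The following is an added example, not taken from the switch documentation: a small Python model of ordered evaluation for a standard (source-address) ACL, comparing an ACL that relies on the implicit deny with the same ACL ending in a permit any entry. The entries and addresses are constructed, and the first-match evaluation order is an assumption of the model.

```python
from ipaddress import ip_address, ip_network

# What an unmatched packet receives: the deny every ACL carries implicitly.
IMPLICIT_DENY = ("deny", "implicit deny any")


def evaluate(acl, src):
    """Return (action, deciding entry) for a packet with source address src.

    Entries are checked in order and the first match decides (assumed model).
    A packet that matches no entry falls through to the implicit deny.
    """
    addr = ip_address(src)
    for action, network in acl:
        if addr in ip_network(network):
            return action, f"{action} {network}"
    return IMPLICIT_DENY


# Constructed standard ACL: permit one host, explicitly deny the rest of
# its subnet. Anything else is left to the implicit deny.
STRICT = [
    ("permit", "192.0.2.10/32"),
    ("deny", "192.0.2.0/24"),
]

# Same entries with "permit any" configured as the last entry.
OPEN = STRICT + [("permit", "0.0.0.0/0")]


def compare(sources):
    """Map each source address to its (STRICT, OPEN) actions."""
    return {s: (evaluate(STRICT, s)[0], evaluate(OPEN, s)[0]) for s in sources}


if __name__ == "__main__":
    # Constructed sources: the permitted host, a host in the explicitly
    # denied subnet, and a host no entry mentions (for instance a
    # management station sending to the switch's own IP address).
    for src in ("192.0.2.10", "192.0.2.99", "198.51.100.7"):
        for name, acl in (("STRICT", STRICT), ("OPEN", OPEN)):
            action, entry = evaluate(acl, src)
            print(f"{name:6} {src:14} -> {action:6} ({entry})")
```

The host that no entry mentions is dropped by the first ACL and forwarded by the second, while the explicitly denied subnet is dropped in both because the earlier deny entry matches before the trailing permit.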
Planning an ACL Application on a Series 3400cl or Series 6400cl Switch 
Before creating and implementing ACLs, you should understand the Series 
3400cl and Series 6400cl switch resources available per-port to support ACL 
operation, define the policies you want your ACLs to enforce, and understand 
how your ACLs will impact your network users. 
Switch Resource Usage 
ACLs, IGMP, QoS, and Rate Limiting share certain 3400cl/6400cl switch 
per-port resources and load these resources in ways that require more careful 
attention to per-port resource usage when planning a configuration using 
these features. Otherwise, there is an increased possibility of fully consuming 
some port resources, which means that at some point the switch would not 
support further ACL, QoS, and/or Rate-Limiting configurations on one or more 
ports (and/or IGMP on the switch). This section describes resource planning 
for ACLs on a 3400cl or 6400cl switch. For QoS resource planning, refer to 
chapter 8, “Quality of Service (QoS): Managing Bandwidth More Effectively”. 
For Rate-Limiting resource planning, refer to the “Rate Limiting” section in 
the chapter titled “Port Traffic Controls” of the Management and 
Configuration Guide for your switch. 