Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Configuring and Assigning an ACL
You should carefully plan your ACL application before configuring specific
ACLs. For more on this topic, refer to “Planning an ACL Application on a Series
3400cl or Series 6400cl Switch” on page 10-16.
ACL Configuration Structure
After you enter an ACL command, you may want to inspect the resulting
configuration. This is especially true where you are entering multiple ACEs
into an ACL. Also, it will be helpful to understand the configuration structure
when using later sections in this chapter.
The basic ACL structure includes three elements:
1. ACL type and name: This identifies the ACL as standard or extended and
shows the ACL name.
2. One or more deny/permit list entries (ACEs): One entry per line.
Element Stnd Ext Notes
ID Range 1 - 99 100 - 199 You can also use an alphanumeric name
of up to 64 characters, including spaces.
Minimum ACEs per ACL 1
Maximum ACEs Per ACL 120
Maximum ACEs per 1024 In some cases, rule usage by ACLs, IGMP,
Switch QoS, and Rate-Limiting, and mask usage
by ACLs may consume available
resources to the point where this limit
cannot be reached.
3. Implicit deny any: Where an ACL is in use, the switch denies any packets
that do not have a match with the ACEs explicitly configured in the ACL.
The implicit deny any does not appear in ACL configuration listings, but
always functions when the switch uses an ACL to filter packets. (You
cannot delete the implicit “deny any”, but you can supersede it with a
“permit any” statement.)
10-36
To Next Page
Loading...
