Access Control Lists (ACLs)
This chapter describes the Access Control Lists (ACLs), prefix lists, and route-maps.
Access Control Lists (ACLs) are supported on platforms: e c s z
Ingress IP and MAC ACLs are supported on platforms: e c s z
Egress IP and MAC ACLs are supported on platforms: e s z
Overview
At their simplest, Access Control Lists (ACLs), Prefix lists, and Route-maps permit or deny traffic based
on MAC and/or IP addresses. This chapter discusses implementing IP ACLs, IP Prefix lists and
Route-maps. For MAC ACLs, refer to Layer 2.
An ACL is essentially a filter containing some criteria to match (examine IP, TCP, or UDP packets) and an
action to take (permit or deny). ACLs are processed in sequence so that if a packet does not match the
criterion in the first filter, the second filter (if configured) is applied. When a packet matches a filter, the
switch drops or forwards the packet based on the filter's specified action. If the packet does not match any
of the filters in the ACL, the packet is dropped (implicit deny).
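The first-match processing and implicit deny described above, as an added example (Python, not FTOS code or FTOS syntax, and not from the original guide). The Filter and Packet fields, the sample ACL, and the shadowed() audit helper are assumptions made for illustration; the example goes beyond the text by also flagging filters that an earlier filter makes unreachable.

```python
import ipaddress
from typing import NamedTuple, Optional
net = ipaddress.ip_network

class Filter(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol; else "tcp" or "udp"
    src: str                     # source prefix
    dst: str                     # destination prefix
    dport: Optional[int] = None  # None matches any destination port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

def matches(f, p):
    return (f.proto in ("ip", p.proto)
            and ipaddress.ip_address(p.src) in net(f.src)
            and ipaddress.ip_address(p.dst) in net(f.dst)
            and f.dport in (None, p.dport))

def evaluate(acl, pkt):
    """First matching filter decides; position None means the implicit deny fired."""
    for pos, f in enumerate(acl, start=1):
        if matches(f, pkt):
            return f.action, pos
    return "deny", None

def covers(a, b):
    """True if every packet matching filter b also matches filter a."""
    return (a.proto in ("ip", b.proto)
            and net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and a.dport in (None, b.dport))

def shadowed(acl):
    """(position, earlier position) pairs for filters that can never be reached."""
    return [(j + 1, i + 1) for j, b in enumerate(acl)
            for i, a in enumerate(acl[:j]) if covers(a, b)]

ACL = [  # constructed sample ACL, evaluated in list order
    Filter("permit", "tcp", "10.1.1.0/24", "192.0.2.10/32", 443),
    Filter("deny", "ip", "10.1.0.0/16", "0.0.0.0/0"),
    Filter("permit", "tcp", "10.1.2.0/24", "192.0.2.10/32", 22),  # unreachable
    Filter("permit", "udp", "0.0.0.0/0", "192.0.2.53/32", 53),
]
```

The third filter never fires because the broader deny ahead of it matches the same packets first, which is the ordering mistake sequential processing makes easy to introduce.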
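The number of ACLs supported on a system depends on your CAM size. See CAM Profiling, CAM
Allocation, and CAM Optimization in this chapter for more information. Refer to Content Addressable
Memory (CAM) for complete CAM profiling information.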
This chapter covers the following topics:
• IP Access Control Lists (ACLs)
• CAM Profiling, CAM Allocation, and CAM Optimization
• Implementing ACLs on FTOS
• IP Fragment Handling
• Configure a standard IP ACL
• Configure an extended IP ACL
• Configuring Layer 2 and Layer 3 ACLs on an Interface
• Assign an IP ACL to an Interface
• Configuring Ingress ACLs
• Configuring Egress ACLs