Defining Acl Binding - Cisco SF500-24 Administration Manual

Access Control

Defining ACL Binding

STEP 5
Defining ACL Binding
STEP 1
STEP 2
STEP 3
Cisco 500 Series Stackable Managed Switch Administration Guide
• ICMP—If the ACL is based on ICMP, select the ICMP message type that will
be used for filtering purposes. Either select the message type by name or
enter the message type number. If all message types are accepted, select
Any.
- Any—All message types are accepted.
- Select from list—Select message type by name from the drop-down list.
- ICMP Type to Match—Number of message type that will be used for
filtering purposes.
• ICMP Code—The ICMP messages may have a code field that indicates how
to handle the message. Select one of the following options, to configure
whether to filter on this code:
- Any—Accept all codes.
- User defined—Enter an ICMP code for filtering purposes.
Click Apply.
When an ACL is bound to an interface, its ACE rules are applied to packets arriving at
that interface. Packets that do not match any of the ACEs in the ACL are matched to
a default rule, whose action is to drop unmatched packets.
Although each interface can be bound to only one ACL, multiple interfaces can be
bound to the same ACL by grouping them into a policy-map, and binding that
policy-map to the interface.
After an ACL is bound to an interface, it cannot be edited, modified, or deleted until
it is removed from all the ports to which it is bound or in use.
To bind an ACL to an interface:
Click Access Control > ACL Binding. The ACL Binding page is displayed.
Select an interface type Ports/LAGs (Port or LAG).
Click Go. The list of ports/LAGs is displayed. For each type of interface selected,
all interfaces of that type are displayed with a list of their current ACLs:
20
373