Information About Implementing Layer 2 Access Lists
Ethernet Services Access Lists Feature Highlights
Ethernet services access lists have these feature highlights:
• The ability to clear counters for an access list using a specific sequence number.
• The ability to copy the contents of an existing access list to another access list.
• Allows users to apply sequence numbers to permit or deny statements and to resequence, add, or remove such statements from a named access list.
• Provides packet filtering on interfaces to forward packets.
• Ethernet services ACLs can be applied on interfaces, VLAN subinterfaces, bundle-Ethernet interfaces, EFPs, and EFPs over bundle-Ethernet interfaces. Atomic replacement of Ethernet services ACLs is supported on these physical interfaces.
Purpose of Ethernet Services Access Lists
Using ACL-based forwarding (ABF), Ethernet services access lists perform packet filtering to control which packets move through the network and where. Such controls help to limit incoming and outgoing network traffic and restrict the access of users and devices to the network at the port level.
How an Ethernet Services Access List Works
An Ethernet services access list is a sequential list consisting of permit and deny statements that apply to Layer 2 configurations. The access list has a name by which it is referenced.
An access list can be configured and named, but it is not in effect until the access list is referenced by a command that accepts an access list. Multiple commands can reference the same access list. An access list can control Layer 2 traffic arriving at the router or leaving the router, but not traffic originating at the router.
Ethernet Services Access List Process and Rules
Use this process and rules when configuring an Ethernet services access list:
• The software tests the source or destination address of each packet being filtered against the conditions in the access list, one condition (permit or deny statement) at a time.
• If a packet does not match an access list statement, the packet is then tested against the next statement in the list.
• If a packet and an access list statement match, the remaining statements in the list are skipped and the packet is permitted or denied as specified in the matched statement. The first entry that the packet matches determines whether the software permits or denies the packet. That is, after the first match, no subsequent entries are considered.
• If the access list denies the address or protocol, the software discards the packet.
L2VPN and Ethernet Services Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 6.3.x
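The first-match rule above means a narrow deny placed after a broader permit never takes effect, which is why sequence numbers and resequencing matter when reviewing a list. The following Python model is an added example, not Cisco code or IOS XR syntax: `Entry`, `evaluate`, `shadowed`, the care-mask representation (set bits must match) and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass

def mac(text):
    """Parse a dotted MAC such as 0000.0c12.3456 into a 48-bit integer."""
    return int(text.replace(".", ""), 16)

@dataclass(frozen=True)
class Entry:
    seq: int            # sequence number; entries are tested in ascending order
    action: str         # "permit" or "deny"
    src: int = 0
    src_care: int = 0   # model assumption: set bits must equal src; 0 means any
    dst: int = 0
    dst_care: int = 0

    def matches(self, s, d):
        return not ((s ^ self.src) & self.src_care or (d ^ self.dst) & self.dst_care)

def evaluate(acl, s, d):
    """Return (seq, action) of the first matching entry; later entries are skipped."""
    for e in sorted(acl, key=lambda e: e.seq):
        if e.matches(s, d):
            return e.seq, e.action
    return None  # no statement matched; the rules above do not cover this case

def covers(a_val, a_care, b_val, b_care):
    """True when every address matched by pattern b is also matched by pattern a."""
    return (a_care & ~b_care) == 0 and ((a_val ^ b_val) & a_care) == 0

def shadowed(acl):
    """List (seq, earlier_seq) for entries that one earlier entry fully covers."""
    ordered, found = sorted(acl, key=lambda e: e.seq), []
    for i, later in enumerate(ordered):
        for early in ordered[:i]:
            if (covers(early.src, early.src_care, later.src, later.src_care)
                    and covers(early.dst, early.dst_care, later.dst, later.dst_care)):
                found.append((later.seq, early.seq))
                break
    return found

# Constructed sample: the host deny at 20 sits behind a broader permit at 10.
HOST, OUI = mac("0000.0c12.3456"), mac("0000.0c00.0000")
ACL = [Entry(10, "permit", OUI, mac("ffff.ff00.0000")),
       Entry(20, "deny", HOST, mac("ffff.ffff.ffff")),
       Entry(30, "deny")]
# Same entries with the host deny moved ahead of the permit.
FIXED = [Entry(5, "deny", HOST, mac("ffff.ffff.ffff"))] + [e for e in ACL if e.seq != 20]

if __name__ == "__main__":
    print(evaluate(ACL, HOST, 0), shadowed(ACL))
    print(evaluate(FIXED, HOST, 0), shadowed(FIXED))
```

The check only reports an entry that a single earlier entry covers completely; an entry hidden by the combined effect of several earlier entries is not detected.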
Implementing of Layer 2 Access Lists