Chapter 27: Access Control; Overview - Cisco 350 Series Administration Manual

Access Control

Overview

Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
The Access Control List (ACL) feature is part of the security mechanism. ACL definitions
serve as one of the mechanisms to define traffic flows that are given a specific Quality of
Service (QoS). For more information see
ACLs enable network managers to define patterns (filter and actions) for ingress traffic.
Packets, entering the device on a port or LAG with an active ACL, are either admitted or
denied entry.
This section contains the following topics:
• Overview
• MAC-Based ACLs Creation
• IPv4-based ACL Creation
• IPv6-Based ACL Creation
• ACL Binding
An Access Control List (ACL) is an ordered list of classification filters and actions. Each
single classification rule, together with its action, is called an Access Control Element (ACE).
Each ACE is made up of filters that distinguish traffic groups and associated actions. A single
ACL may contain one or more ACEs, which are matched against the contents of incoming
frames. Either a DENY or PERMIT action is applied to frames whose contents match the
filter.
The various devices supports the following number of ACLs and ACEs:
Device
SG550XG/SX550X
Quality of
Max ACLs
2K
22
Service.
Max ACEs
2K
395