Table of Contents
Advertisement
IPv4 Access Control Lists (ACLs)
Terminology
10-8
Terminology
Access Control Entry (ACE): A policy consisting of criteria and an action
(permit or deny) to execute on a packet if it meets the criteria. The
elements composing the criteria include:
•
source IPv4 address and mask (standard and extended ACLs)
•
destination IPv4 address and mask (extended ACLs only)
•
either of the following:
–
all IPv4 traffic
–
IPv4 traffic of a specific IP protocol (extended ACLs only)
(In the cases of TCP, UDP, ICMP, and IGMP, the criteria can
include either all traffic of the protocol type or only the traffic of
a specific sub-type within the protocol.)
•
option to log packet matches with deny ACEs
•
optional use of IP precedence and ToS settings (extended ACLs only)
Access Control List (ACL): A list (or set) consisting of one or more
explicitly configured Access Control Entries (ACEs) and terminating with
an implicit "deny" ACE. ACL types include "standard" and "extended". See
also "Standard ACL" and "Extended ACL". To filter IPv4 traffic, apply
either type in any of the following ways:
•
RACL: an ACL assigned to filter routed traffic entering or leaving the
switch on a VLAN. (Separate assignments are required for inbound
and outbound traffic.)
•
VACL: an ACL assigned to filter inbound traffic on a specific VLAN
configured on the switch
•
Static Port ACL: an ACL assigned to filter inbound traffic on a specific
switch port
•
RADIUS-assigned ACL: dynamic ACL assigned to a port by a RADIUS
server to filter inbound traffic from an authenticated client on that
port
An ACL can be configured on a VLAN as an RACL or VACL (or both), and
on a port (or static trunk) as a static port ACL. (RADIUS-assigned ACLs
are configured on a RADIUS server.)
ACE: See "Access Control Entry".
ACL: See "Access Control List".
Hide quick links:
Advertisement
Table of Contents
