Table of Contents
Advertisement
ACL ID: A number or alphanumeric string used to identify an ACL. A standard
IPv4 ACL ID can have either an alphanumeric string or a number in the
range of 1 to 99. An extended IPv4 ACL ID can have either an alphanumeric
string or a number in the range of 100 to 199. See also "Identifier".
Note: RADIUS-assigned ACLs are identified by client authentication data
and do not use the ACL ID strings described here.
ACL Mask: Follows any IPv4 address (source or destination) listed in an ACE.
Defines which bits in a packet's corresponding IPv4 addressing must
exactly match the addressing in the ACE, and which bits need not match
(wildcards). See also "How an ACE Uses a Mask To Screen Packets for
Matches" on page 10-35.)
CIDR: This is the acronym for Classless Inter-Domain Routing.
Connection-Rate ACL: An optional feature used with Connection-Rate
filtering based on virus-throttling technology. For more information, refer
to the chapter 3, "Virus Throttling".
DA: The acronym used in text to represent Destination Address. In an IPv4
packet, this is the destination address carried in the header, and identifies
the destination intended by the packet's originator. In an extended ACE,
this is the second of two addresses required by the ACE to determine
whether there is a match between a packet and the ACE. See also "SA".
Deny: An ACE configured with this action causes the switch to drop a packet
for which there is a match within an applicable ACL.
Dynamic Port ACL: See "RADIUS-Assigned ACL".
Extended ACL: This type of IPv4 Access Control List uses layer-3 IP criteria
composed of source and destination addresses and (optionally) TCP/UDP
port, ICMP, IGMP, precedence, or ToS criteria to determine whether there
is a match with an IP packet. Except for RADIUS-assigned ACLs, which
use client credentials for identifiers, extended ACLs require an alphanu-
meric name or an identification number (ID) in the range of 100 - 199.
IDENTIFIER: A term used in ACL syntax statements to represent either the name
or number by which the ACL can be accessed. See also NAME-STR. Note
that RADIUS-assigned ACLs are identified by client authentication data
and do not use the identifiers described in this chapter.
Implicit Deny: If the switch finds no matches between an IPv4 packet and
the configured criteria in an applicable static or dynamic ACL, then the
switch denies (drops) the packet with an implicit deny any function (for
standard ACLs) or an implicit deny ip any any function (for extended
IPv4 Access Control Lists (ACLs)
Terminology
10-9
Hide quick links:
Advertisement
Table of Contents
