Chapter 13
Identifying Traffic with Access Lists
This chapter describes how to identify traffic with access lists. Access lists are used in a variety of
features. If your feature uses Modular Policy Framework, you can use an access list to identify traffic
within a traffic class map. For more information on Modular Policy Framework, see Chapter 20, "Using
Modular Policy Framework."
This chapter includes the following sections:
• Access List Overview
• Adding an Extended Access List
• Adding an EtherType Access List
• Adding a Standard Access List
• Simplifying Access Lists with Object Grouping
• Adding Remarks to Access Lists
• Access List Group Optimization
• Scheduling Extended Access List Activation
• Logging Access List Activity
For information about IPv6 access lists, see the "Configuring IPv6 Access Lists" section on page 10-5.
Access List Overview
Access lists are made up of one or more Access Control Entries. An ACE is a single entry in an access
list that specifies a permit or deny rule, and is applied to a protocol, a source and destination IP address
or network, and optionally the source and destination ports.
This section includes the following topics:
• Access List Types
• Access Control Entry Order
• Access List Implicit Deny
• IP Addresses Used for Access Lists When You Use NAT
• Access List Commitment
• Maximum Number of ACEs
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01