Ip Access Control Lists (Acl), Prefix Lists, And Route-Maps; Overview - Dell Force10 C150 Configuration Manual

IP Access Control Lists (ACL), Prefix Lists, and
Route-maps
IP Access Control Lists, Prefix Lists, and Route-maps
Ingress IP ACLs are supported on platforms:
Egress IP ACLs are supported on platform:

Overview

At their simplest, Access Control Lists (ACLs), Prefix lists, and Route-maps permit or deny traffic based
on MAC and/or IP addresses. This chapter discusses implementing IP ACLs, IP Prefix lists and
Route-maps. For MAC ACLS, refer to the Access Control Lists (ACLs) chapter in the FTOS Command
Line Reference Guide.
An ACL is essentially a filter containing some criteria to match (examine IP, TCP, or UDP packets) and an
action to take (permit or deny). ACLs are processed in sequence so that if a packet does not match the
criterion in the first filter, the second filter (if configured) is applied. When a packet matches a filter, the
switch drops or forwards the packet based on the filter's specified action. If the packet does not match any
of the filters in the ACL, the packet is dropped ( implicit deny).
The number of ACLs supported on a system depends on your CAM size. See
Allocation, and CAM Optimization
Addressable Memory, on page 281
This chapter covers the following topics:
• IP Access Control Lists (ACLs) on page 134
• CAM Profiling, CAM Allocation, and CAM Optimization on page 134
• Implementing ACLs on FTOS on page 137
• IP Fragment Handling on page 138
• Configure a standard IP ACL on page 140
• Configure an extended IP ACL on page 143
• Configuring Layer 2 and Layer 3 ACLs on an Interface on page 146
are supported on platforms:
c e s
e
in this chapter for more information. Refer to
for complete CAM profiling information.

IP Access Control Lists (ACL), Prefix Lists, and Route-maps | 133

8
c e s
CAM Profiling, CAM
Chapter 11, Content