IPv4 Access Control Lists (ACLs)
Introduction
Feature                                Default  Menu  CLI   Web
Numbered ACLs
  Standard ACLs                        None     —     9-40  —
  Extended ACLs                        None     —     9-45  —
Named ACLs                                      —     9-51  —
Enable or Disable an ACL                        —     9-53  —
Display ACL Data                       n/a      —     9-55  —
Delete an ACL                          n/a      —     9-54  —
Configure an ACL from a TFTP Server    n/a      —     9-64  —
Enable ACL Logging                     n/a      —     9-69  —
Show ACL Resources                     n/a      —     9-20  —
Access-List Resources Help             n/a      —     9-19  —

ACL Applications
ACLs can filter traffic from a host, a group of hosts, or from entire subnets.
Where it is necessary to apply ACLs to filter traffic from outside a network or
subnet, applying ACLs at the edge of the network or subnet removes unwanted
traffic as soon as possible, and thus helps to improve system performance.
ACLs filter inbound traffic only and can rapidly consume switch resources.
For these reasons, the best places to apply ACLs are on "edge" ports where
ACLs are likely to be less complex and resource-intensive.

Optional Network Management Applications
ACLs through a RADIUS server can also be augmented using the
Identity-Driven Management (IDM) application available for use with PCM. However,
the features described in this chapter can be used without PCM or IDM
support, if desired.
For information on configuring client authentication on the switch, refer to
chapter 5, "RADIUS Authentication, Authorization, and Accounting".