Foundry Networks Switch and Router Installation And Configuration Manual page 389

Access control lists (ACLs) enable you to permit or deny packets based on source and destination IP address,
IP protocol information, or TCP or UDP protocol information. You can configure the following types of ACLs:
• Standard – Permits or denies packets based on source IP address. Valid standard ACL IDs are 1 – 99 or a
string.
• Extended – Permits or denies packets based on source and destination IP address and also based on IP
protocol information. Valid extended ACL IDs are a number from 100 – 199 or a string.
This chapter also describes Policy-Based Routing (PBR), a feature that allows you to use ACLs and route maps to
selectively modify and route IP packets based on their source IP address.
NOTE: This chapter describes IP forwarding ACLs and management access ACLs only. For information about
ACLs used for BGP4 filtering, see "Configuring BGP4" on page 19-1.
NOTE: For optimal performance, apply deny ACLs to inbound ports instead of outbound ports. This way, traffic
is dropped as it tries to enter the Foundry device, instead of being dropped after it has been forwarded internally to
the outbound port.
NOTE: Outbound ACLs do not filter broadcast traffic or any traffic (including ICMP replies) generated by the
Foundry device itself.
Overview
The following section describes ACLs. To configure ACLs, go to the following sections:
• "Disabling or Re-Enabling Access Control Lists (ACLs)" on page 13-5
• "Configuring Standard ACLs" on page 13-6
• "Configuring Extended ACLs" on page 13-10
• "Configuring Named ACLs" on page 13-19
• "Modifying ACLs" on page 13-20
• "Applying an ACL to a Subset of Ports on a Virtual Interface" on page 13-22
• "Enabling Strict TCP or UDP Mode" on page 13-22
• "Displaying ACLs" on page 13-24
December 2000
Using Access Control Lists (ACLs)
Chapter 13
13 - 1