ACL IDs and Entries; Default ACL Action - Foundry Networks Switch and Router Installation and Configuration Manual

Product
BigIron Layer 3 Switch
FastIron II, FastIron II Plus
TurboIron/8
NetIron stackable Layer 3 Switch (octal)
FastIron Backbone Layer 2 Switch
FastIron Workgroup Layer 2 Switch with 8 MB DRAM or greater only
FastIron Workgroup Layer 2 Switch with 2 MB DRAM
TurboIron (not TurboIron/8)
NetIron stackable Layer 3 Switch (non-octal)
ServerIron

ACL IDs and Entries

ACLs consist of ACL IDs and ACL entries:

ACL ID – An ACL ID is a number from 1 – 99 (for a standard ACL) or 100 – 199 (for an extended ACL) or a character string. The ACL ID identifies a collection of individual ACL entries. When you apply ACL entries to an interface, you do so by applying the ACL ID that contains the ACL entries to the interface, instead of applying the individual entries to the interface. This makes applying large groups of access filters (ACL entries) to interfaces simple.

NOTE: This is different from IP access policies. If you use IP access policies, you apply the individual policies to interfaces.

ACL entry – An ACL entry is a filter command associated with an ACL ID. The maximum number of ACL entries you can configure is a system-wide parameter and depends on the device you are configuring. You can configure up to the maximum number of entries in any combination in different ACLs. The total number of entries in all ACLs cannot exceed the system maximum.

NOTE: Up to 1024 entries are supported on Layer 3 Switches using Management I, Management II, or Management III modules. Management IV modules can support up to 4096 ACL entries.

You configure ACLs on a global basis, then apply them to the incoming or outgoing traffic on specific ports. You can apply only one ACL to a port's inbound traffic and only one ACL to a port's outbound traffic. The software applies the entries within an ACL in the order they appear in the ACL's configuration. As soon as a match is found, the software takes the action specified in the ACL entry (permit or deny the packet) and stops further comparison for that packet.

Default ACL Action

The default action when no ACLs are configured on a device is to permit all traffic. However, once you configure an ACL and apply it to a port, the default action for that port is to deny all traffic that is not explicitly permitted on the port.

If you want to tightly control access, configure ACLs consisting of permit entries for the access you want to permit. The ACLs implicitly deny all other access.
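
The following Python sketch is an added example, not code from the manual or from Foundry software. It models the first-match evaluation and default actions described above and flags entries that an earlier entry makes unreachable. The Entry type, the CIDR source notation, the function names and the sample addresses are assumptions made for illustration, and matching on source address only is a simplification.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

class Entry(NamedTuple):
    action: str  # "permit" or "deny"
    source: str  # source network in CIDR form (notation assumed for this sketch)

def evaluate(acl: Optional[List[Entry]], src_ip: str) -> str:
    """Decide one packet the way the section describes."""
    if acl is None:
        return "permit"          # no ACL applied to the port: all traffic is permitted
    addr = ipaddress.ip_address(src_ip)
    for entry in acl:            # entries are compared in configured order
        if addr in ipaddress.ip_network(entry.source):
            return entry.action  # first match decides; later entries are never consulted
    return "deny"                # ACL applied and nothing matched: implicit deny

def shadowed(acl: List[Entry]) -> List[Tuple[int, int]]:
    """Return (entry, earlier_entry) index pairs where the earlier entry covers the
    whole source range of the later one, so the later one can never match."""
    pairs = []
    for i, entry in enumerate(acl):
        net = ipaddress.ip_network(entry.source)
        for j, earlier in enumerate(acl[:i]):
            if net.subnet_of(ipaddress.ip_network(earlier.source)):
                pairs.append((i, j))
                break
    return pairs

# Constructed sample ACLs using documentation address ranges.
MISORDERED = [Entry("permit", "192.0.2.0/24"), Entry("deny", "192.0.2.66/32")]
CORRECTED = [Entry("deny", "192.0.2.66/32"), Entry("permit", "192.0.2.0/24")]

if __name__ == "__main__":
    for name, acl in (("misordered", MISORDERED), ("corrected", CORRECTED), ("no ACL", None)):
        for ip in ("192.0.2.66", "192.0.2.10", "198.51.100.7"):
            print(f"{name:10} {ip:13} -> {evaluate(acl, ip)}")
    print("shadowed entries in misordered ACL:", shadowed(MISORDERED))
```

In the misordered list the host deny is never reached because the broader permit matches first, which is the ordering mistake to check for before applying an ACL to a port.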
Packet Forwarding ACLs Supported: X X X X
Management Access ACLs Supported: X X X X X X X
Using Access Control Lists (ACLs), December 2000
