Table of Contents
Advertisement
Chapter 98: Advanced Access Control Lists (ACLs)
Overview
Filtering Criteria
1518
Access Control Lists (ACLs) act as filters to control the ingress packets on
ports. They are commonly used to restrict the types of packets ports
accept to increase port security and create physical links dedicated to
carrying specific types of traffic. For instance, you can configure ACLs to
permit ports to accept only ingress packets that have a specific source or
destination IP address.
There are four types of ACLs:
Numbered IPv4 ACLs
Numbered MAC ACLs
Named IPv4 ACLs (and MAC Addresses)
Named IPv6 ACLs
Numbered IPv4 ACLs and Numbered MAC ACLs are identified by ID
numbers. The ID number range for Numbered IPv4 ACLs is 3000 to 3699.
The ID number range for Numbered MAC ACLs is 4000 to 4699. In
addition, Numbered IPv4 ACLs and Numbered MAC ACLs take effect
immediately. You cannot assign them a date or time to begin filtering.
Numbered IPv4 ACLs are only compatible with IPv4 addresses. They are
not compatible with IPv6 addresses.
Both Named IPv4 ACLs and Named IPv6 ACLs are identified by user-
specified names. You can assign both of these types a date and time to
begin and end filtering. In other words, your filtering commands do not
have to take effect immediately. Named IPv4 ACLs are compatible with
IPv4 addresses and MAC addresses. Named IPv6 ACLs are compatible
with IPv6 addresses only.
All types of ACLs identify packets using filtering criteria. There are six
criteria:
Source and destination IP addresses
ICMP source and destination IP addresses
Protocol type
Source and destination TCP ports
Source and destination UDP ports
Source and destination MAC addresses
Hide quick links:
Advertisement
Table of Contents
