10-25
IPv4 Access Control Lists (ACLs)
IPv4 Static ACL Operation
Introduction
An ACL is a list of one or more Access Control Entries (ACEs), where each ACE consists of matching criteria and an action (permit or deny). A static ACL applies only to the switch on which it is configured. ACLs operate on assigned interfaces and offer these traffic filtering options:
■ IPv4 traffic inbound on a port.
■ IPv4 traffic inbound on a VLAN.
■ Routed IPv4 traffic entering or leaving the switch on a VLAN. (Note that ACLs do not screen traffic at the internal point where traffic moves between VLANs or subnets within the switch. Refer to “ACL Applications” on page 10-13.)
The following table lists the range of interface options:

Interface | ACL Application                        | Application Point                                       | Filter Action
Port      | Static Port ACL (switch configured)    | inbound on the switch port                              | inbound IPv4 traffic
Port      | RADIUS-Assigned ACL (1)                | inbound on the switch port used by authenticated client | inbound IPv4 and/or IPv6 traffic from the authenticated client
VLAN      | VACL                                   | entering the switch on the VLAN                         | inbound IPv4 traffic
VLAN      | RACL (2)                               | entering the switch on the VLAN                         | routed IPv4 traffic entering the switch and any IPv4 traffic with a destination on the switch itself
VLAN      | RACL (2)                               | exiting from the switch on the VLAN                     | routed IPv4 traffic exiting from the switch
(1) This chapter describes ACLs statically configured on the switch. For information on RADIUS-assigned ACLs, refer to chapter 7, “Configuring RADIUS Server Support for Switch Services”.
(2) Supports one inbound and/or one outbound RACL. When both are used, one RACL can be assigned to filter both inbound and outbound, or different RACLs can be assigned to filter inbound and outbound.
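As an added illustration (not from this guide and not switch code), the following Python model walks the application points in the table above: static port ACL on the inbound port, VACL on the inbound VLAN, inbound RACL for routed traffic and traffic addressed to the switch itself, and outbound RACL on the egress VLAN. It assumes top-down first-match ACE evaluation with an implicit deny, an ACE layout of action plus source and destination prefixes, and a fixed check order; the addresses, port names and VLAN ids are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed semantics (not stated on this page): ACEs are tested top-down, the
# first match decides, and every ACL ends with an implicit "deny any".
@dataclass
class ACE:
    action: str  # "permit" or "deny"
    src: str     # source prefix in CIDR; "0.0.0.0/0" means any
    dst: str     # destination prefix in CIDR

@dataclass
class Packet:
    src: str
    dst: str
    in_port: str
    in_vlan: int
    routed: bool = False             # switch routes it to another VLAN/subnet
    out_vlan: Optional[int] = None   # egress VLAN when routed
    to_switch: bool = False          # destination is one of the switch's own IPs

def evaluate_acl(acl, src, dst):
    """First-match evaluation of one ACL; implicit deny if nothing matches."""
    for ace in acl:
        if ip_address(src) in ip_network(ace.src) and ip_address(dst) in ip_network(ace.dst):
            return ace.action
    return "deny"
def filter_packet(pkt, port_acls, vacls, racl_in, racl_out):
    """Apply the table's application points in this assumed order: static port
    ACL on the inbound port, VACL on the inbound VLAN, inbound RACL (routed
    traffic or traffic addressed to the switch itself), outbound RACL on the
    egress VLAN (routed traffic only). The first deny is final."""
    applicable = [port_acls.get(pkt.in_port), vacls.get(pkt.in_vlan)]
    if pkt.routed or pkt.to_switch:
        applicable.append(racl_in.get(pkt.in_vlan))
    if pkt.routed:
        applicable.append(racl_out.get(pkt.out_vlan))
    for acl in applicable:
        if acl is not None and evaluate_acl(acl, pkt.src, pkt.dst) == "deny":
            return "deny"
    return "permit"

# Constructed sample policy (hypothetical addresses, port names and VLAN ids).
ANY = "0.0.0.0/0"
PORT_ACLS = {"A1": [ACE("deny", "10.0.1.0/24", "10.0.9.0/24"), ACE("permit", ANY, ANY)]}
VACLS = {10: [ACE("permit", "10.0.1.0/24", ANY)]}  # VLAN 10's own subnet only: drops spoofed sources
RACL_IN = {10: [ACE("deny", ANY, "10.0.10.1/32"), ACE("permit", ANY, ANY)]}  # 10.0.10.1: switch's own IP
RACL_OUT = {20: [ACE("permit", "10.0.1.0/24", ANY)]}
```

A frame switched within VLAN 10 never reaches either RACL, which is the practical meaning of the note that ACLs do not screen traffic at the internal VLAN-to-VLAN point; only the port ACL and VACL on the ingress side see it.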