User's Manual
Brocade Network Advisor IP User Manual 581
53-1003056-01
Layer 3 access control list policy
18
An ACL is a unique collection of permit and deny statements (rules) that apply to frames. You can
use ACLs to permit or deny incoming and outgoing frames from passing through an interface to
which you assigned the ACLs. When the interface receives a frame, the device compares the
fields in the frame against any ACLs assigned to the interface to verify that the frame has the
required permissions to be forwarded. The device compares the frame, sequentially, against each
rule in the assigned ACL. If the first rule that matches the frame is a permit rule, the frame is
forwarded; otherwise, the frame is dropped.
You must configure the ACL on the device before you assign the ACL to an interface. You can create
multiple ACLs and save them to the device configuration. However, the ACL does not filter traffic
until you assign it to an interface. You can assign an ACL on the following interface types: physical
port, Virtual LAN (VLAN), or Link Aggregation Group (LAG).
You can create two types of ACLs:
• Standard ACL — Use to permit and deny traffic based on the source IP address, host name, or
network. You should use standard ACLs when you only need to filter traffic based on the source.
You can create up to 99 standard ACLs, numbered 1 through 99. For more information, refer
to “Creating a standard L3 ACL configuration” on page 581.
• Extended ACL — Use to permit and deny traffic based on the source and destination using the
following:
- Source and destination IP address
- Host name
- User-defined network and network groups
- IP protocol
- Source and destination port
You can create up to 100 extended ACLs, numbered 100 through 199. For more information,
refer to “Creating an extended L3 ACL configuration” on page 585.
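The matching model described above (sequential comparison, first match decides, standard ACLs numbered 1 through 99 filtering on source only, extended ACLs numbered 100 through 199 adding destination, protocol and port), as an added example that is not Brocade code; the rule fields, the "any" wildcard and the implicit drop when no rule matches are assumptions of this example, not statements from the manual.

```python
# Added example (not Brocade code): a first-match evaluator for the L3 ACL
# model described above. Rule fields and the "any" wildcard are assumptions.
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    src: str                      # source network in CIDR form, or "any"
    dst: str = "any"              # extended ACLs only
    proto: str = "any"            # extended ACLs only, e.g. "tcp", "udp"
    dport: Optional[int] = None   # extended ACLs only

def acl_kind(number: int) -> str:
    """Map an ACL number to its type using the ranges the manual gives."""
    if 1 <= number <= 99:
        return "standard"
    if 100 <= number <= 199:
        return "extended"
    raise ValueError(f"ACL number {number} is outside 1-99 / 100-199")

@dataclass
class Acl:
    number: int
    rules: List[Rule] = field(default_factory=list)

    def __post_init__(self):
        # A standard ACL filters on the source only; reject extended fields.
        if acl_kind(self.number) == "standard":
            for r in self.rules:
                if r.dst != "any" or r.proto != "any" or r.dport is not None:
                    raise ValueError("standard ACL rules may only match on source")

def _in_net(addr: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def evaluate(acl: Acl, src: str, dst: str = "0.0.0.0", proto: str = "ip",
             dport: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """Walk the rules in order; the first match decides. ("deny", None) = dropped."""
    for i, r in enumerate(acl.rules):
        if not _in_net(src, r.src) or not _in_net(dst, r.dst):
            continue
        if r.proto != "any" and r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action, i
    return "deny", None
```

Because evaluation stops at the first match, a broad deny placed ahead of a narrower permit shadows it; reordering the rules in the test below changes the result.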
Creating a standard L3 ACL configuration
To create a standard L3 ACL configuration, complete the following steps.