4-59
Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 4 Configuring Virtual Contexts
Configuring Security with ACLs
Creating ACLs
Note: By default, all traffic is denied by the ACE unless explicitly allowed. Only traffic that is explicitly allowed in an ACL can pass. All other traffic is denied.
Use this procedure to create, modify, or delete ACLs.
Procedure
Step 1 Choose Config > Virtual Contexts > context > Security > ACLs.
The ACL summary table appears, listing the existing ACLs. ACL summary fields are described in
Table 4-15.
Table 4-15 ACL Summary Table

Field             Description
Name              Enter a unique identifier for the ACL. Valid entries are
                  unquoted text strings with a maximum of 64 alphanumeric
                  characters.
Type              Specifies the type of ACL:
                  • Extended—This ACL allows you to specify both the source
                    and the destination IP addresses of traffic as well as
                    the protocol and the action to be taken. For more
                    information, see the “Setting Extended ACL Attributes”
                    section on page 4-61.
                  • Ethertype—This ACL controls network access for non-IP
                    traffic based on its EtherType. An EtherType is a
                    sub-protocol identifier. For more information, see the
                    “Setting EtherType ACL Attributes” section on page 4-67.
IP Address Type   Specifies the type of IP address:
                  • IPv4—This ACL controls network access for IPv4 traffic.
                  • IPv6—This ACL controls network access for IPv6 traffic.
# (Line Number)   ACL line number for extended type ACL entries.
Action            Action to be taken (permit/deny).
Protocol          Protocol number or service object group to apply to this
                  ACL entry.
Source            Source IPv6 or IPv4 address or source network object group
                  (if configured) that is being applied to this ACL entry.
Destination       Destination IPv6 or IPv4 address or destination network
                  object group (if configured) that is applied to this ACL
                  entry.
ICMP              Indicates whether or not this ACL uses ICMP (Internet
                  Control Message Protocol). For more information, see the
                  “Table 4-18 Protocol Names and Numbers” section on
                  page 4-64.
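
The default-deny rule in the Note and the extended-entry columns of Table 4-15 (line number, action, protocol, source, destination) can be modelled offline to review an ACL before it is deployed. This is an added Python example, not Cisco code or Device Manager output. It assumes entries are checked in ascending line-number order with the first match deciding (usual for extended ACLs, not stated on this page), covers IPv4 without ports, and uses constructed sample entries and the hypothetical names Entry, evaluate and shadowed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:                 # one extended ACL entry, columns as in Table 4-15
    line: int                # "# (Line Number)"
    action: str              # "permit" or "deny"
    protocol: str            # "tcp", "udp", "icmp", ...; "ip" matches any protocol
    source: str              # IPv4 CIDR or "any"
    destination: str         # IPv4 CIDR or "any"

def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def evaluate(acl, protocol, src, dst):
    """Return (action, line) of the first matching entry, else the default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in sorted(acl, key=lambda e: e.line):   # assumption: first match wins
        if (e.protocol in ("ip", protocol)
                and s in _net(e.source) and d in _net(e.destination)):
            return e.action, e.line
    return "deny", None       # no entry explicitly allowed the traffic

def shadowed(acl):
    """Return (line, covering_line) pairs for entries an earlier entry fully covers."""
    ordered, found = sorted(acl, key=lambda e: e.line), []
    for i, e in enumerate(ordered):
        for prev in ordered[:i]:
            if (prev.protocol in ("ip", e.protocol)
                    and _net(e.source).subnet_of(_net(prev.source))
                    and _net(e.destination).subnet_of(_net(prev.destination))):
                found.append((e.line, prev.line))
                break
    return found

# Constructed sample entries (documentation address ranges), not from a real device.
ACL = [
    Entry(10, "permit", "tcp", "any", "192.0.2.10/32"),
    Entry(20, "deny", "ip", "198.51.100.0/24", "any"),
    Entry(30, "permit", "tcp", "198.51.100.7/32", "192.0.2.20/32"),
    Entry(40, "permit", "icmp", "203.0.113.0/24", "192.0.2.0/24"),
]

if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "198.51.100.7", "192.0.2.20"))  # denied by line 20
    print(evaluate(ACL, "udp", "203.0.113.5", "192.0.2.10"))   # default deny
    print(shadowed(ACL))                                       # line 30 never matches
```

An entry reported by shadowed() is usually an ordering mistake: in the sample, the permit at line 30 can never take effect because line 20 denies the same source first.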