Administrator Guide

Access Control Lists (ACLs)
This chapter describes access control lists (ACLs), prefix lists, and route-maps.
At their simplest, ACLs, prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses.
This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLS, refer to Layer 2.
An ACL is essentially a filter containing some criteria to match (examine IP, transmission control protocol
[TCP], or user datagram protocol [UDP] packets) and an action to take (permit or deny). ACLs are processed in
sequence so that if a packet does not match the criterion in the first filter, the second filter (if configured) is
applied. When a packet matches a filter, the switch drops or forwards the packet based on the filter’s specified
action. If the packet does not match any of the filters in the ACL, the packet is dropped (implicit deny).
The number of ACLs supported on a system depends on your content addressable memory (CAM) size. For
more information, refer to the Content Addressable Memory (CAM) chapter.
Topics:
IP Access Control Lists (ACLs)
Implementing ACL on the Dell Networking OS
ACLs and VLANs
ACL Optimization
Determine the Order in which ACLs are Used to Classify Traffic
IP Fragment Handling
IP Fragments ACL Examples
Layer 4 ACL Rules Examples
Configure a Standard IP ACL
Configuring a Standard IP ACL Filter
Configure an Extended IP ACL
Configuring Filters with a Sequence Number
Configuring Filters Without a Sequence Number
Established Flag
Configure Layer 2 and Layer 3 ACLs
Assign an IP ACL to an Interface
Applying an IP ACL
Counting ACL Hits
Configure Ingress ACLs
Configure Egress ACLs
Applying Egress Layer 3 ACLs (Control-Plane)
IP Prefix Lists
Configuration Task List for Prefix Lists
8
Access Control Lists (ACLs) 126