Users Guide
Access Control Lists (ACLs)
This chapter describes access control lists (ACLs), prefix lists, and route-maps.
At their simplest, ACLs, prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes
implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLs, refer to Layer 2.
An ACL is essentially a filter containing some criteria to match (examine IP, transmission control protocol [TCP], or user datagram protocol
[UDP] packets) and an action to take (permit or deny). ACLs are processed in sequence so that if a packet does not match the criterion in
the first filter, the second filter (if configured) is applied. When a packet matches a filter, the switch drops or forwards the packet based on
the filter’s specified action. If the packet does not match any of the filters in the ACL, the packet is dropped (implicit deny).
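The first-match and implicit-deny processing described above, as an added example that is not part of the original guide and is not Dell Networking OS code or syntax. The `Filter` fields, the `evaluate` function, and the sample addresses are assumptions constructed for illustration; the second list shows how a broad permit placed ahead of a deny shadows it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Filter:                       # hypothetical model, not Dell Networking OS syntax
    seq: int                        # lower sequence numbers are checked first
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches any IP packet; else "tcp" or "udp"
    src: str                        # source network, CIDR
    dst: str                        # destination network, CIDR
    dport: Optional[int] = None     # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        if self.proto not in ("ip", pkt["proto"]):
            return False
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == pkt.get("dport")

def evaluate(acl, pkt):
    """Return (action, seq of deciding filter); seq is None for the implicit deny."""
    for f in sorted(acl, key=lambda f: f.seq):
        if f.matches(pkt):
            return f.action, f.seq  # first match decides; later filters are not consulted
    return "deny", None             # nothing matched: implicit deny

# Constructed sample ACL using documentation address ranges.
ACL = [
    Filter(10, "deny",   "tcp", "192.0.2.0/24", "198.51.100.10/32", 23),
    Filter(20, "permit", "tcp", "192.0.2.0/24", "198.51.100.0/24"),
    Filter(30, "permit", "udp", "192.0.2.0/24", "198.51.100.53/32", 53),
]
# Same filters, but a broad permit placed ahead of the deny shadows it.
MISORDERED = [Filter(5, "permit", "tcp", "192.0.2.0/24", "198.51.100.0/24")] + ACL

# Constructed sample packets.
TELNET = {"proto": "tcp", "src": "192.0.2.7", "dst": "198.51.100.10", "dport": 23}
HTTPS = {"proto": "tcp", "src": "192.0.2.7", "dst": "198.51.100.10", "dport": 443}
ICMP = {"proto": "icmp", "src": "192.0.2.7", "dst": "198.51.100.10"}

if __name__ == "__main__":
    for name, pkt in (("telnet", TELNET), ("https", HTTPS), ("icmp", ICMP)):
        print(name, evaluate(ACL, pkt), evaluate(MISORDERED, pkt))
```
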
The number of ACLs supported on a system depends on your content addressable memory (CAM) size. For more information, refer to the
Content Addressable Memory (CAM) chapter.
Topics:
• IP Access Control Lists (ACLs)
• Implementing ACL on the Dell Networking OS
• ACLs and VLANs
• ACL Optimization
• Determine the Order in which ACLs are Used to Classify Traffic
• IP Fragment Handling
• IP Fragments ACL Examples
• Layer 4 ACL Rules Examples
• Configure a Standard IP ACL
• Configuring a Standard IP ACL Filter
• Configure an Extended IP ACL
• Configuring Filters with a Sequence Number
• Configuring Filters Without a Sequence Number
• Established Flag
• Configure Layer 2 and Layer 3 ACLs
• Assign an IP ACL to an Interface
• Applying an IP ACL
• Counting ACL Hits
• Configure Ingress ACLs
• Configure Egress ACLs
• Applying Egress Layer 3 ACLs (Control-Plane)
• IP Prefix Lists
• Configuration Task List for Prefix Lists
• Creating a Prefix List
• Creating a Prefix List Without a Sequence Number
• Viewing Prefix Lists
• Applying a Prefix List for Route Redistribution