Reference Guide

Access Control Lists (ACL), Prefix Lists, and Route-maps | 97
Chapter 7 Access Control Lists (ACL), Prefix Lists, and Route-maps
Access Control Lists, Prefix Lists, and Route-maps are supported on platforms: c e s
Ingress IP and MAC ACLs are supported on platforms: c e s
Overview
At their simplest, Access Control Lists (ACLs), Prefix lists, and Route-maps permit or deny traffic based
on MAC and/or IP addresses. This chapter discusses implementing IP ACLs, IP Prefix lists, and
Route-maps. For MAC ACLs, refer to Chapter 10, Layer 2, on page 47.
An ACL is essentially a filter containing criteria to match (the switch examines IP, TCP, or UDP packets) and an
action to take (permit or deny). The filters in an ACL are processed in sequence: if a packet does not match the
criteria of the first filter, the second filter (if configured) is applied, and so on. When a packet matches a filter, the
switch drops or forwards the packet according to that filter's specified action and examines no further filters. If the packet does not match any
of the filters in the ACL, the packet is dropped (implicit deny).
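To make the first-match and implicit-deny semantics described above concrete, here is an added example (not from this guide and not FTOS code) of a small evaluator that walks a list of filters in sequence order and applies the first one that matches. The filter syntax is a simplified, FTOS-like form assumed for illustration, and both the ACL entries and the packets are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Filter:
    seq: int                    # sequence number; filters are evaluated in this order
    action: str                 # "permit" or "deny"
    proto: str                  # "ip", "tcp" or "udp" ("ip" matches any protocol)
    src: ipaddress.IPv4Network  # source prefix ("any" = 0.0.0.0/0)
    dst: ipaddress.IPv4Network  # destination prefix ("any" = 0.0.0.0/0)
    dport: Optional[int] = None # destination port to match, or None for any port

def parse_filter(line: str) -> Filter:
    """Parse one filter in a simplified FTOS-style syntax (an assumption), e.g.
    'seq 10 permit tcp 10.1.0.0/16 any eq 22'."""
    tok = line.split()
    seq, action, proto = int(tok[1]), tok[2], tok[3]
    src = ipaddress.ip_network("0.0.0.0/0" if tok[4] == "any" else tok[4], strict=False)
    dst = ipaddress.ip_network("0.0.0.0/0" if tok[5] == "any" else tok[5], strict=False)
    dport = int(tok[7]) if len(tok) > 7 and tok[6] == "eq" else None
    return Filter(seq, action, proto, src, dst, dport)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, seq) of the first matching filter. The ACL is walked in
    sequence order; a packet that matches nothing is dropped (implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for f in sorted(acl, key=lambda f: f.seq):
        if f.proto != "ip" and f.proto != proto:
            continue
        if s not in f.src or d not in f.dst:
            continue
        if f.dport is not None and f.dport != dport:
            continue
        return f.action, f.seq   # first match wins; later filters are never examined
    return "deny", None          # implicit deny at the end of every ACL

# Constructed sample ACL: one quarantined host is dropped before the broader
# permits, SSH is allowed from one subnet, then any IP from 10/8 is permitted.
SAMPLE_ACL = [parse_filter(line) for line in [
    "seq 5 deny ip 10.1.5.9/32 any",
    "seq 10 permit tcp 10.1.0.0/16 any eq 22",
    "seq 20 permit ip 10.0.0.0/8 any",
]]

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, "tcp", "10.1.5.9", "192.0.2.1", 22))    # ('deny', 5)
    print(evaluate(SAMPLE_ACL, "udp", "172.16.0.1", "192.0.2.1", 53))  # ('deny', None)
```

Reordering the sequence numbers (for example giving the deny a higher seq than the permits) changes the result for the quarantined host, which is why sequence numbers, not entry order in the configuration file, decide the outcome.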
The number of ACLs supported on a system depends on your CAM size. See CAM Profiling, CAM
Allocation, and CAM Optimization in this chapter for more information. Refer to Chapter 10, Content
Addressable Memory, on page 209 for complete CAM profiling information.
This chapter covers the following topics:
IP Access Control Lists (ACLs)
CAM Profiling, CAM Allocation, and CAM Optimization
Implementing ACLs on FTOS
IP Fragment Handling
Configure a standard IP ACL
Configure an extended IP ACL
Configuring Layer 2 and Layer 3 ACLs on an Interface
Assign an IP ACL to an Interface
Configuring Ingress ACLs
IP Prefix Lists