Service Manual
Access Control Lists (ACLs)
This chapter describes access control lists (ACLs), prefix lists, and route-maps.
The S5000 switch supports:
• Access control lists (ACLs)
• Ingress IP and MAC ACLs
• Egress IP and MAC ACLs
At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC
and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC
ACLS, refer to Layer 2.
An ACL is essentially a filter containing some criteria to match (examine IP, transmission control protocol
[TCP], or user datagram protocol [UDP] packets) and an action to take (permit or deny). ACLs are processed in
sequence so that if a packet does not match the criterion in the first filter, the second filter (if configured) is
applied. When a packet matches a filter, the switch drops or forwards the packet based on the filter’s specified
action. If the packet does not match any of the filters in the ACL, the packet is dropped (implicit deny).
The number of ACLs supported on a system depends on your content addressable memory (CAM) size. For
more information, refer to CAM Allocation and CAM Optimization.
Topics:
• IP Access Control Lists (ACLs)
• CAM Allocation and CAM Optimization
• Implementing ACLs on Dell Networking OS
• IP Fragment Handling
• Configure a Standard IP ACL
• Configure an Extended IP ACL
• Established Flag
• Configure Layer 2 and Layer 3 ACLs
• Assign an IP ACL to an Interface
• Configure Ingress ACLs
• Configure Egress ACLs
• Configure ACLs to Loopback
• Applying an ACL on Loopback Interfaces
• IP Prefix Lists
• Creating a Prefix List
• ACL Resequencing
• Route Maps
8
Access Control Lists (ACLs) 143