White Papers
Access Control Lists (ACLs)
This chapter describes access control lists (ACLs), prex lists, and route-maps.
The S5000 switch supports:
• Access control lists (ACLs)
• Ingress IP and MAC ACLs
• Egress IP and MAC ACLs
At their simplest, access control lists (ACLs), prex lists, and route-maps permit or deny trac based on MAC and/or IP addresses. This
chapter describes implementing IP ACLs, IP prex lists and route-maps. For MAC ACLS, refer to Layer 2.
An ACL is essentially a lter containing some criteria to match (examine IP, transmission control protocol [TCP], or user datagram protocol
[UDP] packets) and an action to take (permit or deny). ACLs are processed in sequence so that if a packet does not match the criterion in
the rst lter, the second lter (if congured) is applied. When a packet matches a lter, the switch drops or forwards the packet based on
the lter’s specied action. If the packet does not match any of the lters in the ACL, the packet is dropped (implicit deny).
The number of ACLs supported on a system depends on your content addressable memory (CAM) size. For more information, refer to
CAM Allocation and CAM Optimization.
Topics:
• IP Access Control Lists (ACLs)
• CAM Allocation and CAM Optimization
• Implementing ACLs on Dell Networking OS
• IP Fragment Handling
• Congure a Standard IP ACL
• Congure an Extended IP ACL
• Established Flag
• Congure Layer 2 and Layer 3 ACLs
• Assign an IP ACL to an Interface
• Congure Ingress ACLs
• Congure Egress ACLs
• Congure ACLs to Loopback
• Applying an ACL on Loopback Interfaces
• IP Prex Lists
• Creating a Prex List
• ACL Resequencing
• Route Maps
IP Access Control Lists (ACLs)
In Dell Networking switch/routers, you can create two dierent types of IP ACLs: standard or extended.
A standard ACL lters packets based on the source IP packet. An extended ACL lters trac based on the following criteria:
7
108 Access Control Lists (ACLs)