Product guide
10-26
Access Control Lists (ACLs)
ACL Operation
Introduction
An ACL is a list of one or more Access Control Entries (ACEs), where each
ACE consists of matching criteria and an action (permit or deny). An ACL
applies only to the switch on which it is configured. ACLs operate on assigned
interfaces, and offer these traffic filtering options:
■ Any IP traffic inbound on a port.
■ Any IP traffic inbound on a VLAN.
■ Routed IP traffic entering or leaving the switch on a VLAN. (Note that
ACLs do not screen traffic at the internal point where traffic moves
between VLANs or subnets within the switch. Refer to “ACL Applications”
on page 10-15.)
The following table lists the range of interface options:

Interface | ACL Application | Application Point | Filter Action
--------- | --------------- | ----------------- | -------------
Port | Static Port ACL (switch configured) | inbound on the switch port | any inbound IP traffic
Port | Dynamic Port ACL¹ (RADIUS assigned) | inbound on the switch port used by authenticated client | any inbound IP traffic from the authenticated client
VLAN | VACL | entering the switch on the VLAN | any inbound IP traffic
VLAN | RACL² | entering the switch on the VLAN | routed IP traffic entering the switch and any IP traffic with a destination on the switch itself
VLAN | RACL² | exiting from the switch on the VLAN | routed IP traffic exiting from the switch
¹ This chapter describes ACLs statically configured on the switch. For information on dynamic
port ACLs assigned by a RADIUS server, refer to chapter 7, “Configuring RADIUS Server
Support for Switch Services”.
² Supports one inbound and/or one outbound RACL. When both are used, one RACL can be
assigned to filter both inbound and outbound, or different RACLs can be assigned to filter
inbound and outbound.
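The following configuration, added here as an example and not taken from this guide, places one ACL at each application point in the table above: a static port ACL, a VACL, and a single RACL assigned to filter both inbound and outbound on a VLAN, as footnote 2 allows. The command syntax, the port and VLAN identifiers, and the ACL name are assumptions; lines beginning with "!" are annotations, not switch commands.

```text
! Constructed ACL (assumed syntax): deny inbound Telnet, permit all other IP traffic.
ip access-list extended "no-telnet"
   deny tcp any any eq 23
   permit ip any any
   exit

! Static port ACL: filters any inbound IP traffic on port A1 (placeholder port).
interface A1
   ip access-group "no-telnet" in
   exit

! VACL: filters any IP traffic entering the switch on VLAN 20 (placeholder VLAN).
vlan 20
   ip access-group "no-telnet" vlan
   exit

! RACL: filters routed IP traffic entering and exiting VLAN 30 (placeholder VLAN).
! The same RACL is assigned in both directions; it does not see traffic that
! stays within the VLAN, nor traffic moving between VLANs inside the switch.
vlan 30
   ip access-group "no-telnet" in
   ip access-group "no-telnet" out
   exit
```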