Product guide

Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Introduction
Feature                                Default   Menu   CLI     Web
Numbered ACLs
  Standard ACLs                        None             10-47
  Extended ACLs                        None             10-52
Named ACLs                                              10-58
Enable or Disable an ACL                                10-61
Display ACL Data                       n/a              10-62
Delete an ACL                          n/a              10-62
Configure an ACL from a TFTP Server    n/a              10-72
Enable ACL Logging                     n/a              10-77
Show ACL Resources
Access-List Resources Help
ACL Applications on Series 3400cl and 6400cl Switches
ACLs can filter traffic from a host, a group of hosts, or from entire subnets.
Where it is necessary to apply ACLs to filter traffic from outside a network or
subnet, applying ACLs at the edge of the network or subnet removes unwanted
traffic as soon as possible, and thus helps to improve system performance.
ACLs on the 3400cl/6400cl switches filter inbound traffic only and can rapidly
consume switch resources. Also, ACLs, QoS, and Rate-Limiting share the same
per-port mask resources on these switches. For these reasons, the best places
to apply ACLs on the 3400cl/6400cl switches are on “edge” ports, where ACLs
are likely to be less complex and resource-intensive than in core network
applications. In core applications, the per-VLAN and inbound/outbound ACL
filtering offered by the Series 5300xl switches may be the best ACL solution.
General Application Options
Layer 3 IP filtering with Access Control Lists (ACLs) on the 3400cl/6400cl
switches enables you to improve network performance and restrict network
use by creating policies for: