IP Access Control Lists

An IP ACL (Access Control List) allows network managers to define classification actions and rules for specific ports. An ACL is composed of ACEs (Access Control Entries), or rules, which contain the filters that determine how traffic is classified. The total number of rules that can be defined for each ACL is platform-specific. Rules are matched sequentially against each packet. When a packet meets the match criteria of a rule, the action specified by that rule (Permit/Deny) is taken, which can include dropping the packet or disabling the port, and the remaining rules are not checked for a match. For example, a network administrator defines an ACL rule that says port number 20 can receive TCP packets. However, if a UDP packet is received, the packet is dropped.
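The sequential, first-match evaluation described above, as an added Python sketch (not code from the switch or its vendor). It goes one step further than the text by flagging rules that can never match because an earlier rule already covers them. The rule fields, the function names, the sample addresses, and the drop applied to unmatched packets (inferred from the UDP example above) are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    action: str    # "permit" or "deny"
    protocol: str  # "tcp", "udp", or "ip" for any protocol
    src: str       # source network in CIDR notation

    def matches(self, protocol, src_ip):
        net = ipaddress.ip_network(self.src)
        return self.protocol in ("ip", protocol) and ipaddress.ip_address(src_ip) in net

def evaluate(acl, protocol, src_ip):
    """Return (action, rule index). The first matching rule decides; later rules are skipped."""
    for index, ace in enumerate(acl):
        if ace.matches(protocol, src_ip):
            return ace.action, index
    return "deny", None  # assumption: a packet that matches no rule is dropped

def shadowed(acl):
    """Return indexes of rules that are unreachable because an earlier rule covers them."""
    hidden = []
    for i, later in enumerate(acl):
        later_net = ipaddress.ip_network(later.src)
        for earlier in acl[:i]:
            covers_proto = earlier.protocol in ("ip", later.protocol)
            if covers_proto and later_net.subnet_of(ipaddress.ip_network(earlier.src)):
                hidden.append(i)
                break
    return hidden

# Constructed sample data (hypothetical ACLs, not taken from a real device).
PORT_20 = [Ace("permit", "tcp", "0.0.0.0/0")]  # the page's example: TCP allowed on port 20
ORDERED = [
    Ace("permit", "tcp", "10.1.0.0/16"),
    Ace("deny", "tcp", "10.1.5.0/24"),   # never reached: rule 0 matches these packets first
    Ace("deny", "udp", "10.1.0.0/16"),
]
REORDERED = [ORDERED[1], ORDERED[0], ORDERED[2]]  # specific deny moved ahead of the permit

if __name__ == "__main__":
    print(evaluate(PORT_20, "udp", "192.0.2.10"))
    print(evaluate(ORDERED, "tcp", "10.1.5.7"), shadowed(ORDERED))
    print(evaluate(REORDERED, "tcp", "10.1.5.7"), shadowed(REORDERED))
```

Running the shadow check before applying a rule set shows where rule order, not rule content, decides the outcome.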

The IP Access Control List folder contains links to web pages that allow you to configure and view IP ACLs.

To configure an IP ACL:

  1. Use the IP ACL Configuration page to define the IP ACL type and assign an ID to it.
  2. Use the Access Control List Interface Summary page to create rules for the ACL.
  3. Use the Access Control List Configuration page to view the configuration.