The following table lists terms and definitions used in this ACL configuration discussion.
Term | Definition |
---|---|
Access Control List (ACL) | A container of permit, deny, and comment entries for the purpose of: (1) forwarding or not forwarding L3 packets based upon one or more packet fields, such as source and destination IP address, and protocol; (2) allowing or dropping L2 packets based upon one or more packet fields, such as source and destination MAC address, DEI, or VLAN. |
entry | A member of an ACL that either permits or denies the packet based upon one or more specified packet fields, or provides an ACL comment. |
DEI | The drop eligibility indicator in the VLAN tag. |
rule | An ACL entry that allows or drops packets using a permit or deny entry. |
standard ACL | An ACL for which forwarding decisions are made based only upon a source IP address. |
extended ACL | An ACL for which forwarding decisions are made based upon the packet protocol, source and destination IP address or host address, port matching in the case of the TCP or UDP protocols, and, optionally, a specified DSCP, ToS, or IP precedence value. |
Layer 2 (L2) ACL | An ACL for which permit or deny decisions are made based upon some combination of packet source and destination MAC address, DEI, Class of Service, VLAN, and Ethernet II type. |
VRF access | A VRF command mode in which access lists can be applied to groups to and from a specified VRF or any VRF for this VRF context. |