Access Control List
An access control list (ACL) is a named, ordered set of
rules that filters network traffic. Each ACL is assigned a unique name.
Packet filtering and traffic flow through the network are managed with ACLs, which contain
the rules that you configure for that purpose. Incoming packets are matched against the
entries in the ACL and are forwarded or dropped based on the criteria specified in the
matching entry. The unique sequence number of each entry determines the order in which the
packet is checked against the rules in the ACL: the lower the sequence ID, the earlier the
rule is evaluated, and the first entry that matches decides what happens to the packet.
Note
Take care when designing ACLs that a broad entry with a lower sequence ID does not
match all of the traffic intended for a more specific entry with a higher sequence ID.
Because evaluation stops at the first match, the later entry would never be reached
(it is shadowed). Give specific entries lower sequence IDs than the broad ones they overlap.
ACLs are classified as MAC (Layer 2), IPv4 (Layer 3), or IPv6 (Layer 3) access lists, based on
their matching keys. If an incoming packet matches both a Layer 2 and a Layer 3 ACL, the Layer 3 ACL
in the same route-map stanza takes priority and the actions associated with the L3 ACL are
applied.
- ACLs that are referenced in route-maps or
listener policies can be modified and deleted.
- When ACL entries that are in use are deleted,
the associated route-map or listener policy reprograms the hardware
accordingly.
- Each ACL entry can optionally count or log
the traffic it matches:
  - The counting action provides
packet and octet counts (64-bit counters).
  - The logging action sends a copy
of each matching frame to the CPU. Because every matching frame is punted, enable logging
only on entries that match a bounded volume of traffic, not on broad permit entries.
  - The forwarding action (permit or drop) remains unchanged by counting or logging.
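To make the sequence-number ordering, the shadowing caveat from the note above, and the count/log actions concrete, the following is an added example and not code from this page or from any switch vendor. It is a small Python model of an ordered IPv4 ACL with a check that flags entries that a lower-sequence entry makes unreachable. The entry fields, the ACL name EDGE-IN, the sample packets, and the implicit-deny default when nothing matches are all constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Assumed entry layout: one source prefix, one destination prefix, optional protocol.
@dataclass
class AclEntry:
    seq: int
    action: str                        # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None        # None matches any protocol
    count: bool = False
    log: bool = False
    packets: int = 0                   # hardware keeps 64-bit counters; Python ints are unbounded
    octets: int = 0


@dataclass
class Acl:
    name: str
    entries: list = field(default_factory=list)
    cpu_log: list = field(default_factory=list)   # frames punted to the CPU by "log" entries

    def add(self, entry: AclEntry) -> None:
        # Sequence IDs must be unique within an ACL; keep entries sorted ascending.
        if any(e.seq == entry.seq for e in self.entries):
            raise ValueError(f"duplicate sequence {entry.seq} in ACL {self.name}")
        self.entries.append(entry)
        self.entries.sort(key=lambda e: e.seq)

    @staticmethod
    def matches(e: AclEntry, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in e.src
                and ipaddress.ip_address(pkt["dst"]) in e.dst
                and (e.proto is None or e.proto == pkt["proto"]))

    def evaluate(self, pkt: dict):
        """Check entries in ascending seq order; the first match decides.
        Counting and logging are side effects that never change the action.
        Returns (action, matched_seq); implicit deny (assumption) if nothing matches."""
        for e in self.entries:
            if self.matches(e, pkt):
                if e.count:
                    e.packets += 1
                    e.octets += pkt["len"]
                if e.log:
                    self.cpu_log.append((e.seq, dict(pkt)))
                return e.action, e.seq
        return "deny", None


def shadowed_entries(acl: Acl):
    """Return (later_seq, earlier_seq) pairs where the later entry's whole match space
    is covered by a lower-seq entry, so it can never match. This is a sufficient check
    only: partial overlaps are not reported."""
    found = []
    for i, later in enumerate(acl.entries):
        for earlier in acl.entries[:i]:
            if (later.src.subnet_of(earlier.src) and later.dst.subnet_of(earlier.dst)
                    and (earlier.proto is None or earlier.proto == later.proto)):
                found.append((later.seq, earlier.seq))
                break
    return found


def build_demo() -> Acl:
    """Constructed misordered ACL: the broad deny at seq 10 shadows the specific permit at seq 20."""
    acl = Acl("EDGE-IN")
    acl.add(AclEntry(10, "deny", ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("0.0.0.0/0"), count=True))
    acl.add(AclEntry(20, "permit", ipaddress.ip_network("10.1.1.0/24"),
                     ipaddress.ip_network("192.0.2.0/24"), proto="tcp", log=True))
    acl.add(AclEntry(30, "permit", ipaddress.ip_network("0.0.0.0/0"),
                     ipaddress.ip_network("0.0.0.0/0")))
    return acl


def build_fixed() -> Acl:
    """Same intent with the specific permit given a lower sequence ID than the broad deny."""
    acl = Acl("EDGE-IN")
    acl.add(AclEntry(5, "permit", ipaddress.ip_network("10.1.1.0/24"),
                     ipaddress.ip_network("192.0.2.0/24"), proto="tcp", count=True, log=True))
    acl.add(AclEntry(10, "deny", ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("0.0.0.0/0"), count=True))
    acl.add(AclEntry(30, "permit", ipaddress.ip_network("0.0.0.0/0"),
                     ipaddress.ip_network("0.0.0.0/0")))
    return acl


# Constructed sample packet that the operator intended seq 20 / seq 5 to permit.
SAMPLE_PKT = {"src": "10.1.1.5", "dst": "192.0.2.10", "proto": "tcp", "len": 1500}

if __name__ == "__main__":
    demo, fixed = build_demo(), build_fixed()
    print("shadowed in misordered ACL:", shadowed_entries(demo))   # [(20, 10)]
    print("misordered verdict:", demo.evaluate(SAMPLE_PKT))         # ('deny', 10)
    print("shadowed in fixed ACL:", shadowed_entries(fixed))        # []
    print("fixed verdict:", fixed.evaluate(SAMPLE_PKT))             # ('permit', 5)
    print("frames punted to CPU:", len(fixed.cpu_log))              # 1
```

Running the shadow check before committing an ACL is the cheap way to catch the ordering mistake the note warns about; in the misordered build the permit at seq 20 is reported as covered by seq 10, and the sample packet is dropped and counted against seq 10 rather than permitted and logged.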