An access control list (ACL) is a container for rules that permit or deny network traffic based on criteria that you specify.
When a frame or packet is received or sent, the device compares its header fields against the rules in applied ACLs. This comparison is done according to a rule sequence, which you can specify. Based on the comparison, the device either forwards or drops the frame or packet.
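The effect of rule sequence on the forward-or-drop decision, as an added example (not vendor code and not device CLI syntax). It assumes the lowest-sequence matching rule decides the outcome, and it takes the no-match action as a parameter because this page does not state it. The `Rule` model, the addresses and the sequence numbers are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Rule:
    seq: int                      # position in the rule sequence
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", or "ip" (any protocol)
    src: str                      # source prefix or host
    dst: str                      # destination prefix or host
    dport: Optional[int] = None   # None = any destination port

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        net = ipaddress.ip_network
        return (self.proto in ("ip", other.proto)
                and net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and (self.dport is None or self.dport == other.dport))

def evaluate(rules, packet, default="deny"):
    """Return (action, seq) of the lowest-sequence rule matching the packet."""
    for rule in sorted(rules, key=lambda r: r.seq):
        if rule.covers(packet):
            return rule.action, rule.seq
    return default, None          # assumption: no-match action is a parameter

def shadowed(rules):
    """List (seq, covering_seq) for rules fully covered by an earlier rule."""
    ordered = sorted(rules, key=lambda r: r.seq)
    found = []
    for i, later in enumerate(ordered):
        hit = next((e for e in ordered[:i] if e.covers(later)), None)
        if hit is not None:
            found.append((later.seq, hit.seq))
    return found

# Constructed sample ACL: the SSH deny at seq 20 can never match.
RULES = [
    Rule(10, "permit", "ip", "10.0.0.0/8", "192.0.2.0/24"),
    Rule(20, "deny", "tcp", "10.1.0.0/16", "192.0.2.10/32", 22),
    Rule(30, "deny", "udp", "0.0.0.0/0", "192.0.2.0/24", 53),
]
# Same rules with the specific deny resequenced ahead of the broad permit.
FIXED = [replace(RULES[1], seq=5), RULES[0], RULES[2]]
SSH_PKT = Rule(0, "", "tcp", "10.1.2.3", "192.0.2.10", 22)  # constructed header

if __name__ == "__main__":
    print(evaluate(RULES, SSH_PKT), shadowed(RULES))
    print(evaluate(FIXED, SSH_PKT), shadowed(FIXED))
```

The check reports a rule only when a single earlier rule covers it completely; partial overlaps between rules are not flagged.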
The benefits of ACLs include the following:
Regarding the range of filtering options, there are two types of ACL:
Note
Except on SLX 9740 devices, egress ACLs do not support TCP flags.
For information on hardware-based filtering of IP subnet-based directed broadcast and network-address traffic, refer to "IP broadcast ACLs (bACLs)."