ACL overview

An access control list (ACL) is a container for rules that permit or deny network traffic based on criteria that you specify.

When a frame or packet is received or sent, the device compares its header fields against the rules in applied ACLs. This comparison is done according to a rule sequence, which you can specify. Based on the comparison, the device either forwards or drops the frame or packet.
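The sequence-ordered comparison described above, modelled as an added example (not vendor code or device configuration). It assumes the first matching rule decides the outcome and takes the no-match action as a parameter, since this page states neither; the Rule fields, sequence numbers and addresses are constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    seq: int                     # position in the rule sequence
    action: str                  # "permit" or "deny"
    src: str                     # source prefix
    dst: str                     # destination prefix
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        """Compare the packet's header fields against this rule."""
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt.get("dport")))


def evaluate(rules, pkt, default="deny"):
    """Walk rules in ascending sequence; assumed first-match semantics.

    Returns (action, seq of the deciding rule, or None if no rule matched).
    """
    for rule in sorted(rules, key=lambda r: r.seq):
        if rule.matches(pkt):
            return rule.action, rule.seq
    return default, None


# Constructed ACL: block SSH to one host, then permit a management subnet.
ACL = [
    Rule(10, "deny", "0.0.0.0/0", "192.0.2.10/32", "tcp", 22),
    Rule(20, "permit", "198.51.100.0/24", "192.0.2.0/24"),
]
# Same rules with the sequence numbers swapped: the broad permit now comes
# first, so the SSH deny is never reached for the management subnet.
REORDERED = [replace(ACL[0], seq=20), replace(ACL[1], seq=10)]

# Constructed sample packets.
SSH = {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 22}
DNS = {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "udp", "dport": 53}

if __name__ == "__main__":
    for name, acl in (("ACL", ACL), ("REORDERED", REORDERED)):
        print(name, "SSH ->", evaluate(acl, SSH), "DNS ->", evaluate(acl, DNS))
```

Swapping only the sequence numbers changes the verdict for the same packet, which is why the rule sequence deserves review whenever a broad rule is added ahead of a narrow one.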

The benefits of ACLs include the following:

Regarding the range of filtering options, there are two types of ACL:

Note

Except on SLX 9740 devices, egress ACLs do not support TCP flags.

Regarding layer and protocol, ACL types are as follows:

For information on hardware-based filtering of IP subnet-based directed broadcast and network-address traffic, refer to "IP broadcast ACLs (bACLs)."