Dell 9.7(0.0) Plumbing Product User Manual

Open as PDF

of 1039

Access Control Lists (ACLs)

This chapter describes access control lists (ACLs), prefix lists, and route-maps.

At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on

MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps.

For MAC ACLS, refer to Layer 2.

An ACL is essentially a filter containing some criteria to match (examine IP, transmission control protocol

[TCP], or user datagram protocol [UDP] packets) and an action to take (permit or deny). ACLs are

processed in sequence so that if a packet does not match the criterion in the first filter, the second filter

(if configured) is applied. When a packet matches a filter, the switch drops or forwards the packet based

on the filter’s specified action. If the packet does not match any of the filters in the ACL, the packet is

dropped (implicit deny).

The number of ACLs supported on a system depends on your content addressable memory (CAM) size.

For more information, refer to User Configurable CAM Allocation and CAM Optimization. For complete

CAM profiling information, refer to Content Addressable Memory (CAM).

You can configure ACLs on VRF instances. In addition to the existing qualifying parameters, Layer 3 ACLs

also incorporate VRF ID as one of the parameters. Using this new capability, you can also configure VRF

based ACLs on interfaces.

NOTE: You can apply Layer 3 VRF-aware ACLs only at the ingress level.

You can apply VRF-aware ACLs on:

• VRF Instances

• Interfaces

In order to configure VRF-aware ACLs on VRF instances, you must carve out a separate CAM region. You

can use the cam-acl command for allocating CAM regions. As part of the enhancements to support

VRF-aware ACLs, the cam-acl command now includes the following new parameter that enables you to

allocate a CAM region:

vrfv4acl.

The order of priority for configuring user-defined ACL CAM regions is as follows:

• V4 ACL CAM

• VRF V4 ACL CAM

• L2 ACL CAM

With the inclusion of VRF based ACLs, the order of precedence of Layer 3 ACL rules is as follows:

• Port/VLAN based PERMIT/DENY Rules

• Port/VLAN based IMPLICIT DENY Rules

• VRF based PERMIT/DENY Rules

Access Control Lists (ACLs)

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Dell 9.7(0.0) Plumbing Product User Manual