
IPv4 Access Control Lists (ACLs)
Overview
Types of IPv4 ACLs
A permit or deny policy for IPv4 traffic you want to filter can be based on
source address alone, or on source address plus other factors.
Standard ACL: Use a standard ACL when you need to permit or deny IPv4
traffic based on source address only. Standard ACLs are also useful when you
need to quickly control a performance problem by limiting IPv4 traffic from a
subnet, group of devices, or a single device. (This can block all IPv4 traffic
from the configured source, but does not hamper IPv4 traffic from other
sources within the network.) A standard ACL uses an alphanumeric ID string
or a numeric ID of 1 through 99. You can specify a single host, a finite group
of hosts, or any host.
Extended ACL: Use an extended ACL when IPv4 source address restrictions
alone do not provide sufficient traffic selection criteria for an interface.
Extended ACLs allow use of the following criteria:
■ source and destination IPv4 address combinations
■ IP protocol options
Extended, named ACLs also offer an option to permit or deny IPv4 connections
using TCP for applications such as Telnet, HTTP, FTP, and others.
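The standard/extended distinction above, as an added illustration that is not part of the original manual: a small Python model in which a standard ACL selects on source address only (numeric ID 1 through 99 or an alphanumeric name), while an extended ACL also matches destination address, IP protocol and a TCP application port. Entries are evaluated first match wins; the sample ACLs, the packet fields and the deny fallback for unmatched traffic are constructed for this example and are not taken from the switch documentation.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"            # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None   # TCP/UDP destination port

@dataclass(frozen=True)
class Entry:
    action: str                   # "permit" or "deny"
    src: str                      # CIDR network, single host, or "any"
    dst: str = "any"              # destination: extended ACLs only
    proto: str = "ip"             # "ip" matches every IPv4 protocol
    dport: Optional[int] = None   # TCP application port, e.g. 23 for Telnet

def is_standard(acl: List[Entry]) -> bool:
    """A standard ACL selects on source address alone."""
    return all(e.dst == "any" and e.proto == "ip" and e.dport is None for e in acl)

def valid_standard_id(acl_id: str) -> bool:
    """Standard ACL IDs: numeric 1-99 or an alphanumeric name (assumed: letters/digits only)."""
    if acl_id.isdigit():
        return 1 <= int(acl_id) <= 99
    return acl_id.isalnum()

def _addr_ok(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def matches(e: Entry, p: Packet) -> bool:
    return (_addr_ok(e.src, p.src) and _addr_ok(e.dst, p.dst)
            and e.proto in ("ip", p.proto)
            and (e.dport is None or e.dport == p.dport))

def evaluate(acl: List[Entry], p: Packet, default: str = "deny") -> str:
    """First matching entry decides; `default` is a constructed fallback for unmatched traffic."""
    for e in acl:
        if matches(e, p):
            return e.action
    return default

# Constructed sample ACLs: block one subnet (standard); restrict a server (extended)
STANDARD_10 = [Entry("deny", "10.0.5.0/24"), Entry("permit", "any")]
EXTENDED_SRV = [
    Entry("permit", "10.0.0.0/8", "192.168.1.10", "tcp", 22),
    Entry("deny", "any", "192.168.1.10", "tcp", 23),
    Entry("permit", "any"),
]
```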
ACL Applications
ACL filtering is applied to IPv4 traffic as follows:
■ Static port ACL: filters any inbound IPv4 traffic on that port.
■ Dynamic port ACL: on a port with an ACL assigned by a RADIUS server to
filter an authenticated client's traffic, filters inbound IPv4 traffic from
that client.
(For information on RADIUS-assigned ACLs, refer to chapter 6
“Configuring RADIUS Server Support for Switch Services”.)