Access List Overview - Cisco PIX 500 Series Configuration Manual

Identifying Traffic with Access Lists
This chapter describes how to identify traffic with access lists. This chapter includes the following
topics:
•
•
•
•
•
•
•
•
•
For information about IPv6 access lists, see the

Access List Overview

Access lists are made up of one or more Access Control Entries. An ACE is a single entry in an access
list that specifies a permit or deny rule, and is applied to a protocol, a source and destination IP address
or network, and optionally the source and destination ports.
Access lists are used in a variety of features. If your feature uses Modular Policy Framework, you can
use an access list to identify traffic within a traffic class map. For more information on Modular Policy
Framework, see
This section includes the following topics:
•
•
•
•
OL-12172-03
Access List Overview, page 16-1
Adding an Extended Access List, page 16-5
Adding an EtherType Access List, page 16-8
Adding a Standard Access List, page 16-10
Adding a Webtype Access List, page 16-11
Simplifying Access Lists with Object Grouping, page 16-11
Adding Remarks to Access Lists, page 16-17
Scheduling Extended Access List Activation, page 16-18
Logging Access List Activity, page 16-19
Chapter 21, "Using Modular Policy Framework."
Access List Types, page 16-2
Access Control Entry Order, page 16-2
Access Control Implicit Deny, page 16-3
IP Addresses Used for Access Lists When You Use NAT, page 16-3
C H A P T E R
"Configuring IPv6 Access Lists" section on page
Cisco Security Appliance Command Line Configuration Guide
16
12-6.
16-1