Chapter 15 Configuring Access Control Lists; Understanding Acls; Ml-Series Acl Support - Cisco ONS 15454 Software Feature And Configuration Manual

Sonet / sdh ml-series multilayer ethernet card

Hide thumbs Also See for ONS 15454:

Procedure manual (850 pages)

Reference manual (728 pages)

Troubleshooting manual (558 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

page of 232

/ 232
Contents
Table of Contents
Bookmarks

Table of Contents

Configuring Access Control Lists

This chapter describes the access control list (ACL) features built into the ML-Series card. This chapter

contains the following major sections:

•

Understanding ACLs

ACLs provide network control and security, allowing you to filter packet flow into or out of ML-Series

interfaces. ACLs, which are sometimes called filters, allow you to restrict network use by certain users

or devices. ACLs are created for each protocol and are applied on the interface for either inbound or

outbound traffic. ACLs do not apply to outbound Control Plane traffic. Only one ACL filter can be

applied per direction per (sub)interface.

When creating ACLs, you define criteria to apply to each packet processed by the ML-Series card; the

ML-Series card decides whether to forward or block the packet based on whether or not the packet

matches the criteria in your list. Packets that do not match any criteria in your list are automatically

blocked by the implicit "deny all traffic" criteria statement at the end of every ACL.

ML-Series ACL Support

Both control-plane and data-plane ACLs are supported on the ML-Series card.

•

The following apply when using data-plane ACLs on the ML-Series card:

•

Cisco ONS 15454 SONET/SDH ML-Series Multilayer Ethernet Card Software Feature and Configuration Guide, R4.0

78-15224-02

Understanding ACLs, page 15-1

ML-Series ACL Support, page 15-1

Modifying ACL TCAM Size, page 15-5

Monitoring and Verifying ACL, page 15-6

Control-plane ACLs: ACLs used to filter control data that is processed by the CPU of the ML-Series

card (for example, distribution of routing information, IGMP joins, and so on).

Data-plane ACLs: ACLs used to filter user data being routed or bridged through the ML Series in

hardware (for example, denying access to a host, and so on). These ACLs are applied to an interface

in the input or output direction using the ip access-group command.

ACLs are supported on all interface types, including bridged interfaces.

Reflexive and dynamic ACLs are not supported on the ML-Series card.

Access violations accounting is not supported on the ML-Series card.

C H A P T E R

15-1

Table of Contents

Chapter 15 Configuring Access Control Lists; Understanding Acls; Ml-Series Acl Support - Cisco ONS 15454 Software Feature And Configuration Manual

Understanding ACLs

ML-Series ACL Support

Related Manuals for Cisco ONS 15454

Related Content for Cisco ONS 15454

Table of Contents