Identifying Traffic with Access Lists
This chapter describes how to identify traffic with access lists.
This chapter includes the following topics:
•
•
•
•
•
•
•
•
•
For information about IPv6 access lists, see the
Access List Overview
Access lists are made up of one or more Access Control Entries. An ACE is a single entry in an access
list that specifies a permit or deny rule, and is applied to a protocol, a source and destination IP address
or network, and optionally the source and destination ports.
Access lists are used in a variety of features. If your feature uses Modular Policy Framework, you can
use an access list to identify traffic within a traffic class map. For more information on Modular Policy
Framework, see
This section includes the following topics:
•
•
•
•
OL-10088-01
Access List Overview, page 16-1
Adding an Extended Access List, page 16-5
Adding an EtherType Access List, page 16-8
Adding a Standard Access List, page 16-9
Adding a Webtype Access List, page 16-10
Simplifying Access Lists with Object Grouping, page 16-10
Adding Remarks to Access Lists, page 16-16
Scheduling Extended Access List Activation, page 16-17
Logging Access List Activity, page 16-18
Chapter 21, "Using Modular Policy Framework."
Access List Types, page 16-2
Access Control Entry Order, page 16-2
Access Control Implicit Deny, page 16-3
IP Addresses Used for Access Lists When You Use NAT, page 16-3
C H A P T E R
"Configuring IPv6 Access Lists" section on page
Cisco Security Appliance Command Line Configuration Guide
16
12-6.
16-1