ACL Types and Uses; ACL Guidelines; ACL Entry Order - Cisco 4700M Configuration Manual

Application control engine appliance security

Chapter 1
Configuring Security Access Control Lists

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide (OL-16202-01)

ACL Overview

ACL Types and Uses

You can configure the following two types of ACLs on the ACE:
• Extended—Control network access for IP traffic
• EtherType—Control network access for non-IP traffic

Note: The ACE does not explicitly support standard ACLs. To configure a standard ACL, specify the destination address as any and do not specify ports in an extended ACL. For details about configuring an extended ACL, see the "Configuring an Extended ACL" section.

ACL Guidelines

This section describes the guidelines to observe when you configure and use ACLs in your network. This section contains the following topics:
• ACL Entry Order
• ACL Implicit Deny
• Maximum Number of ACLs and ACL Entries

ACL Entry Order

An ACL consists of one or more entries. Depending on the ACL type, you can specify the source and destination addresses, the protocol, the ports (for TCP or UDP), the ICMP type, the ICMP code, or the EtherType as the match criteria. By default, the ACE appends each ACL entry at the end of the ACL. You can also specify the location of each entry within an ACL.

The order of the entries is important. When the ACE decides whether to accept or refuse a connection, the ACE tests the packet against each ACL entry in the order in which the entries are listed. After it finds a match, the ACE does not check any more entries. For example, if you create an entry at the beginning of an ACL that explicitly permits all traffic, the ACE does not check any other statements in the ACL.
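The first-match behavior described under ACL Entry Order, as an added Python sketch (not Cisco code and not ACE CLI syntax): it evaluates a packet against entries in listed order and reports entries that an earlier, broader entry makes unreachable. The Entry model, the CIDR stand-in for the any keyword, and the sample entries are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "0.0.0.0/0"  # assumed stand-in for the "any" address keyword
@dataclass(frozen=True)
class Entry:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every IP protocol; else "tcp"/"udp"
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    port: Optional[int] = None  # destination port, None = any port

    def matches(self, proto, src, dst, port):
        return (self.proto in ("ip", proto)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.port in (None, port))

    def covers(self, other):
        """True if every packet that matches `other` also matches this entry."""
        return (self.proto in ("ip", other.proto)
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.port in (None, other.port))

def evaluate(acl, proto, src, dst, port):
    """Test entries in listed order; the first match decides, the rest are skipped."""
    for index, entry in enumerate(acl):
        if entry.matches(proto, src, dst, port):
            return entry.action, index
    return "deny", None  # nothing matched: the implicit deny at the end of the ACL

def shadowed(acl):
    """Return (unreachable entry, earlier covering entry) index pairs."""
    pairs = []
    for j, later in enumerate(acl):
        for i in range(j):
            if acl[i].covers(later):
                pairs.append((j, i))
                break
    return pairs

# Constructed sample entries (documentation address ranges, not from the manual).
NO_TELNET = Entry("deny", "tcp", ANY, "192.0.2.10/32", 23)
ALLOW_HTTPS = Entry("permit", "tcp", ANY, "192.0.2.10/32", 443)
ALLOW_ALL = Entry("permit", "ip", ANY, ANY)
BROAD_FIRST = [ALLOW_ALL, NO_TELNET, ALLOW_HTTPS]   # permit-all at the beginning
ORDERED = [NO_TELNET, ALLOW_HTTPS, ALLOW_ALL]       # specific entries first
```

Running shadowed() over an ACL before deploying it gives a quick check that no deny entry sits behind a broader permit.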


This manual is also suitable for:

4700 series