Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Configuring ACLs

Configuring an Extended ACL
This section contains the following topics:

• Configuring an Extended ACL
• Configuring Comments in an Extended ACL
• Configuring an EtherType ACL
• Resequencing Entries
An extended ACL allows you to specify both the source and the destination IP
addresses of traffic as well as the following parameters:

• Protocol
• TCP or UDP ports
• ICMP types and codes
You can specify these parameters directly when you use the access-list command,
or you can use object groups for each parameter. For more information about
object groups, see the "Simplifying Access Control Lists with Object Groups"
section.
Note: For TCP, UDP, and ICMP connections, you do not need to apply an ACL on the
destination interface to allow returning traffic, because the ACE allows all
returning traffic for established connections. This exemption applies only to
packets that belong to an existing connection; new connections arriving on that
interface are still subject to the ACL applied to it.

The ACE does not explicitly support standard ACLs. To configure the equivalent
of a standard ACL (one that filters on the source address only), create an
extended ACL entry that specifies the destination address as any and no ports;
use the ip protocol keyword if the entry should match all protocols.
Tip: Enter the ACL name in uppercase letters so that the name is easy to see in
the configuration. You may want to name the ACL for the interface (for example,
INBOUND) or for its purpose (for example, NO_NAT or VPN).
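To make the matching rules above concrete (source and destination address, protocol, TCP/UDP ports, ICMP type and code, first match in line-number order, implicit deny at the end, and the standard-ACL emulation with destination any and no ports), here is an added example: a small stateless evaluator for entries written in the ACE extended access-list syntax. It is illustration code written for this page, not code from the ACE guide or the ACE software. The sample ACL is constructed; it assumes numeric ports and ICMP types (ACE also accepts keyword names and object groups, which are not handled), assumes the comment form `access-list NAME remark ...`, and assumes that an entry entered without a line number is appended after the last entry.

```python
"""Stateless evaluator for ACE-style extended ACL entries (added illustration,
not code from the ACE guide or the ACE software)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample configuration. The "remark" line follows the ACE comment
# syntax as assumed here; ports and ICMP types are numeric only.
SAMPLE_ACL = """
access-list INBOUND remark Web front end and management reachability
access-list INBOUND line 10 extended permit tcp any host 192.168.12.15 eq 80
access-list INBOUND line 20 extended permit tcp any host 192.168.12.15 range 443 444
access-list INBOUND line 30 extended permit icmp any 192.168.12.0 255.255.255.0 8
access-list INBOUND line 40 extended deny tcp 10.1.1.0 255.255.255.0 any eq 22
access-list INBOUND line 50 extended permit ip 10.1.0.0 255.255.0.0 any
"""

PORT_OPS = {"eq", "neq", "gt", "lt", "range"}


@dataclass
class Entry:
    line: int
    action: str                   # "permit" or "deny"
    proto: str                    # "ip", "tcp", "udp" or "icmp"
    src: ipaddress.IPv4Network
    src_ports: Optional[tuple]    # (op, low, high) or None
    dst: ipaddress.IPv4Network
    dst_ports: Optional[tuple]
    icmp_type: Optional[int]
    icmp_code: Optional[int]


def _parse_addr(t, i):
    """Consume one address spec: any | host A | A MASK (ACE uses a subnet
    mask such as 255.255.255.0, not an IOS-style wildcard mask)."""
    if t[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{t[i]}/{t[i + 1]}", strict=False), i + 2


def _parse_ports(t, i):
    """Consume an optional port operator: eq/neq/gt/lt N or range N M."""
    if i < len(t) and t[i] in PORT_OPS:
        if t[i] == "range":
            return (t[i], int(t[i + 1]), int(t[i + 2])), i + 3
        return (t[i], int(t[i + 1]), int(t[i + 1])), i + 2
    return None, i


def parse_acl(text, name):
    """Parse the entries of one named ACL, sorted by line number, which is the
    order in which the ACE evaluates them (and why resequencing matters)."""
    entries, next_line = [], 10
    for raw in text.splitlines():
        t = raw.split()
        if len(t) < 3 or t[0] != "access-list" or t[1] != name or t[2] == "remark":
            continue
        i, line = 2, None
        if t[i] == "line":
            line, i = int(t[i + 1]), i + 2
        if t[i] != "extended":
            raise ValueError(f"unsupported ACL entry: {raw}")
        action, proto, i = t[i + 1], t[i + 2], i + 3
        src, i = _parse_addr(t, i)
        sp, i = _parse_ports(t, i)
        dst, i = _parse_addr(t, i)
        dp, i = _parse_ports(t, i)
        itype = int(t[i]) if proto == "icmp" and i < len(t) else None
        icode = int(t[i + 1]) if itype is not None and i + 1 < len(t) else None
        if line is None:   # no line keyword: append after the last entry (assumed step of 10)
            line = next_line
        next_line = line + 10
        entries.append(Entry(line, action, proto, src, sp, dst, dp, itype, icode))
    return sorted(entries, key=lambda e: e.line)


def _port_ok(spec, port):
    if spec is None:
        return True
    if port is None:
        return False
    op, lo, hi = spec
    return {"eq": port == lo, "neq": port != lo, "gt": port > lo,
            "lt": port < lo, "range": lo <= port <= hi}[op]


def evaluate(entries, proto, src_ip, dst_ip, sport=None, dport=None,
             icmp_type=None, icmp_code=None):
    """First-match lookup. Returns (action, line), or ("deny", None) for the
    implicit deny at the end of every ACL. This is stateless: it does not model
    the ACE's allowance for returning traffic of established connections."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for e in entries:
        if e.proto not in ("ip", proto) or s not in e.src or d not in e.dst:
            continue
        if e.proto in ("tcp", "udp") and not (
                _port_ok(e.src_ports, sport) and _port_ok(e.dst_ports, dport)):
            continue
        if e.proto == "icmp" and (
                (e.icmp_type is not None and e.icmp_type != icmp_type) or
                (e.icmp_code is not None and e.icmp_code != icmp_code)):
            continue
        return e.action, e.line
    return "deny", None


ACL = parse_acl(SAMPLE_ACL, "INBOUND")

if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "203.0.113.7", "192.168.12.15", 40000, 80))  # ('permit', 10)
    print(evaluate(ACL, "tcp", "10.1.1.5", "192.0.2.1", 40000, 22))         # ('deny', 40)
    print(evaluate(ACL, "tcp", "10.1.1.5", "192.0.2.1", 40000, 23))         # ('permit', 50)
    print(evaluate(ACL, "udp", "10.2.0.3", "192.168.12.15", 40000, 53))     # ('deny', None)
```

Line 50 is the standard-ACL emulation from the note above: protocol ip, destination any, no ports, so it matches on source address only; a packet from 10.1.1.5 to port 22 still hits the earlier deny at line 40 because the entries are tested in line-number order, not by specificity.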
Chapter 1, Configuring Security Access Control Lists (OL-16202-01)