ADC 3 Switch User Manual


 
ADC Telecommunications, Inc.
330 C
HAPTER 15: IP PACKET FILTERING
Understanding Access Lists
Access lists are sequential groupings of permit and deny rules. These rules
enable you to permit or deny packets from crossing specified interfaces. An
access list is comprised of both match criteria and actions to take upon
finding a match.
Match criteria can include:
Source IP address
Destination IP address
Source TCP/UDP port
Destination TCP/UDP port
TCP Sync Flag
TCP Establish State
IP Type of Service (TOS)
Actions that can be taken against matching packets include:
Permit
Deny
Change IP TOS
Access lists are pooled and indexed on a system-wide basis. As such, you can
create access-lists in either root mode, or interface configuration mode.
Access lists are then only used by an interface when you enable IP filtering
on the interface and apply the predefined access-lists to the interface using
the access-class command. Each access-list is identified by a list number
that you define when creating the list.
You cannot modify an existing access list, which means that if you want to
change an access list, you must delete it and then recreate it with the same
name.