Cisco Systems 15310-CL Network Card User Manual

Open as PDF

of 278

CHAPTER

13-1

Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5

78-18133-01

Configuring Access Control Lists on the

ML-Series Card

This chapter describes the access control list (ACL) features built into the ML-Series card and contains

the following major sections:

• Understanding ACLs, page 13-1

• ML-Series ACL Support, page 13-1

• Modifying ACL TCAM Size, page 13-5

Understanding ACLs

ACLs provide network control and security, allowing you to filter packet flow into or out of ML-Series

interfaces. ACLs, which are sometimes called filters, allow you to restrict network use by certain users

or devices. ACLs are created for each protocol and are applied on the interface for either inbound or

outbound traffic. ACLs do not apply to outbound control plane traffic. Only one ACL filter can be

applied per direction per subinterface.

When creating ACLs, you define criteria to apply to each packet processed by the ML-Series card; the

ML-Series card decides whether to forward or block the packet based on whether or not the packet

matches the criteria in your list. Packets that do not match any criteria in your list are automatically

blocked by the implicit “deny all traffic” criteria statement at the end of every ACL.

ML-Series ACL Support

Both control-plane and data-plane ACLs are supported on the ML-Series card:

• Control-plane ACLs: ACLs used to filter control data that is processed by the CPU of the ML-Series

card (for example, distribution of routing information, Internet Group Membership Protocol (IGMP)

joins, and so on).

• Data-plane ACLs: ACLs used to filter user data being routed or bridged through the ML Series in

hardware (for example, denying access to a host, and so on). These ACLs are applied to an interface

in the input or output direction using the ip access-group command.

The following apply when using data-plane ACLs on the ML-Series card:

• ACLs are supported on all interface types, including bridged interfaces.

• Reflexive and dynamic ACLs are not supported on the ML-Series card.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems 15310-CL Network Card User Manual