Filter
Top Products
Riverstone Networks RS Switch Router User Guide Release 8.0 24-1
24 ACCESS CONTROL LIST
CONFIGURATION
This chapter explains how to configure and use Access Control Lists (ACLs) on the RS. ACLs are lists of selection
criteria for specific types of packets. When used in conjunction with certain RS functions, ACLs allow you to
restrict Layer-3/4 traffic going through the router.
This chapter contains the following sections:
•
Section 24.1, "ACL Basics," explains how ACLs are defined and how the RS evaluates them.
•
Section 24.2, "Creating and Modifying ACLs," describes how to edit ACLs, either remotely or
by using the the RS’s built-in ACL Editor function.
•
Section 24.3, "Using ACLs," describes the different kinds of ACLs: Interface ACLs, Service
ACLs, Layer-4 Bridging ACLs, and Profile ACLs, and gives examples of their usage.
•
Section 24.4, "Enabling ACL Logging," explains how to log information about packets that are
permitted or denied because of an ACL.
•
Section 24.5, "Monitoring ACLs," lists the commands you can use to display information about
ACLs active on the RS.
24.1 ACL BASICS
An ACL consists of one or more rules describing a particular type of IP or IPX traffic. ACLs can be simple,
consisting of only one rule, or complicated with many rules. Each rule tells the RS to either permit or deny packets
that match selection criteria specified in the rule.
Each ACL is identified by a name. The name can be a meaningful string, such as
denyftp
or
noweb
or it can be
a number such as
100
or
101
.
For example, the following ACL has a rule that permits all IP packets from subnet 10.2.0.0/16 to go through the
RS:
24.1.1 Defining Selection Criteria in ACL Rules
Selection criteria in the rule describe characteristics about a packet. In the example above, the selection criteria
are IP packets from 10.2.0.0/16.
acl 101 permit ip 10.2.0.0/16