hit counter script

Chapter 15 Configuring Access Control Lists; Understanding Acls; Ml-Series Acl Support - Cisco ONS 15454 Software Feature And Configuration Manual

Sonet / sdh ml-series multilayer ethernet card
Hide thumbs Also See for ONS 15454:
Table of Contents

Advertisement

Configuring Access Control Lists
This chapter describes the access control list (ACL) features built into the ML-Series card. This chapter
contains the following major sections:

Understanding ACLs

ACLs provide network control and security, allowing you to filter packet flow into or out of ML-Series
interfaces. ACLs, which are sometimes called filters, allow you to restrict network use by certain users
or devices. ACLs are created for each protocol and are applied on the interface for either inbound or
outbound traffic. ACLs do not apply to outbound Control Plane traffic. Only one ACL filter can be
applied per direction per (sub)interface.
When creating ACLs, you define criteria to apply to each packet processed by the ML-Series card; the
ML-Series card decides whether to forward or block the packet based on whether or not the packet
matches the criteria in your list. Packets that do not match any criteria in your list are automatically
blocked by the implicit "deny all traffic" criteria statement at the end of every ACL.

ML-Series ACL Support

Both control-plane and data-plane ACLs are supported on the ML-Series card.
The following apply when using data-plane ACLs on the ML-Series card:
Cisco ONS 15454 SONET/SDH ML-Series Multilayer Ethernet Card Software Feature and Configuration Guide, R4.0
78-15224-02
Understanding ACLs, page 15-1
ML-Series ACL Support, page 15-1
Modifying ACL TCAM Size, page 15-5
Monitoring and Verifying ACL, page 15-6
Control-plane ACLs: ACLs used to filter control data that is processed by the CPU of the ML-Series
card (for example, distribution of routing information, IGMP joins, and so on).
Data-plane ACLs: ACLs used to filter user data being routed or bridged through the ML Series in
hardware (for example, denying access to a host, and so on). These ACLs are applied to an interface
in the input or output direction using the ip access-group command.
ACLs are supported on all interface types, including bridged interfaces.
Reflexive and dynamic ACLs are not supported on the ML-Series card.
Access violations accounting is not supported on the ML-Series card.
C H A P T E R
15
15-1

Advertisement

Table of Contents
loading

Table of Contents