Acl basics, Defining selection criteria in acl rules – Cabletron Systems SmartSwitch User Manual

Chapter 17: Access Control List Configuration Guide

256

SmartSwitch Router User Reference Manual

ACL Basics

An ACL consists of one or more rules describing a particular type of IP or IPX traffic.
ACLs can be simple, consisting of only one rule, or complicated with many rules. Each
rule tells the SSR to either permit or deny packets that match selection criteria specified in
the rule.

Each ACL is identified by a name. The name can be a meaningful string, such as denyftp or
noweb or it can be a number such as 100 or 101.

For example, the following ACL has a rule that permits all IP packets from subnet
10.2.0.0/16 to go through the SSR:

Defining Selection Criteria in ACL Rules

Selection criteria in the rule describe characteristics about a packet. In the example above,
the selection criteria are IP packets from 10.2.0.0/16.

The selection criteria you can specify in an ACL rule depends on the type of ACL you are
creating. For IP, TCP, and UDP ACLs, the following selection criteria can be specified:

•

Source IP address

•

Destination IP address

•

Source port number

•

Destination port number

•

Type of Service (TOS)

For IPX ACLs, the following selection criteria can be specified:

•

Source network address

•

Destination network address

•

Source IPX socket

•

Destination IPX socket

These selection criteria are specified as fields of an ACL rule. The following syntax
description shows the fields of an IP ACL rule:

Note:

The acl permit|deny ip command restricts traffic for all IP-based protocols, such
as TCP, UDP, ICMP, and IGMP. Variants of the acl permit|deny ip command exist

acl 101 permit ip 10.2.0.0/16

acl

permit|deny

ip