
Yusuf Bhaiji

"Network Security Technologies and Solutions"


To create an ACL, specify the protocol to be filtered, assign a unique name or number to the ACL, and define the
filtering criteria. Each individual filtering rule that is part of an ACL is called an access control entry (ACE). A
single ACL can contain multiple ACEs; this ordered group of ACEs, evaluated top down until the first match, is what
forms the ACL.
Assigning a Unique Name or Number to Each ACL
Each ACL must be uniquely identified by using either a name or a number. A device could have several ACLs
configured; therefore, the device must have a way to distinguish one ACL from another. Assigning a name or a
number to an ACL serves this objective along with binding the ACL entries together. The ACL name or number
also tells the device which type of ACL it is. (Various ACL types are discussed later in this chapter.)
Tables 2-5 and 2-6 list the protocols for which an ACL can be identified by name and by number, respectively. Table
2-6 also gives the range of ACL numbers that is valid for each protocol; the range that a configured number falls
into is what determines the ACL type.
Table 2-5. Protocols with ACL Specified by Name

    Protocol
    ------------------------------
    Apollo Domain
    IP
    IPX
    ISO CLNS
    Network BIOS
    Source-route bridging network
Table 2-6. Protocols with ACL Specified by Number

    Protocol                       Range
    -----------------------------  ---------------------------
    IP standard                    1 to 99 and 1300 to 1999
    IP extended                    100 to 199 and 2000 to 2699
    Protocol type-code             200 to 299
    48-bit MAC address             700 to 799
    Extended 48-bit MAC address    1100 to 1199
Examples for creating an ACL are shown later under each type of ACL.
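To make the name-or-number rule concrete, the following Cisco IOS configuration is an added example, not taken from the book, that builds three IP ACLs from the ranges in Table 2-6: a numbered standard ACL (number in 1 to 99), a numbered extended ACL (number in 100 to 199), and a named extended ACL. The addresses (RFC 5737 documentation ranges), the interface, and the ACL name MGMT-IN are assumptions chosen for illustration.

```text
! Added example (not the book's own configuration). Addresses, the
! interface and the name MGMT-IN are assumed values for illustration.
!
! --- Numbered standard IP ACL. The number 10 is in the 1 to 99 range,
! --- so IOS treats it as "IP standard": each ACE may match on the
! --- source address only.
access-list 10 remark Hosts allowed to reach the management plane
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 permit host 198.51.100.7
access-list 10 deny   any log
!
! --- Numbered extended IP ACL. The number 110 is in the 100 to 199
! --- range, so the same access-list command now expects protocol,
! --- source, destination and (optionally) ports in every ACE.
access-list 110 permit tcp 192.0.2.0 0.0.0.255 host 203.0.113.10 eq 22
access-list 110 permit udp any host 203.0.113.53 eq 53
access-list 110 deny   ip any any log
!
! --- Named extended IP ACL. Here the keyword "extended" (not a number
! --- range) tells IOS the type, and the name binds the ACEs together.
! --- Each line entered in ACL configuration mode is one ACE.
ip access-list extended MGMT-IN
 remark SSH from the admin subnet only
 permit tcp 192.0.2.0 0.0.0.255 host 203.0.113.1 eq 22
 deny   ip any any log
!
! --- An ACL filters nothing until it is bound to an interface (or to a
! --- line, route map, etc.). Bind the named ACL inbound here.
interface GigabitEthernet0/1
 ip access-group MGMT-IN in
```

Two caveats a practitioner will want: every IOS ACL ends with an implicit deny of everything not matched, so the explicit `deny ... log` lines above only exist to make the drops visible in `show access-lists` counters and in syslog (the `log` keyword costs CPU and should be used sparingly on busy interfaces). Second, on classic IOS, removing a single ACE of a numbered ACL with `no access-list 10 ...` deletes the entire ACL 10, not just that line; named ACLs let you remove or insert individual ACEs, which is one reason to prefer them for anything beyond a trivial filter.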

