Riverstone Networks RS Switch Router User Guide Release 8.0 24-1

24 ACCESS CONTROL LIST CONFIGURATION

This chapter explains how to configure and use Access Control Lists (ACLs) on the RS. ACLs are lists of selection
criteria for specific types of packets. When used in conjunction with certain RS functions, ACLs allow you to
restrict Layer-3/4 traffic going through the router.

This chapter contains the following sections:

Section 24.1, "ACL Basics," explains how ACLs are defined and how the RS evaluates them.

Section 24.2, "Creating and Modifying ACLs," describes how to edit ACLs, either remotely or by using the RS’s built-in ACL Editor function.

Section 24.3, "Using ACLs," describes the different kinds of ACLs: Interface ACLs, Service ACLs, Layer-4 Bridging ACLs, and Profile ACLs, and gives examples of their usage.

Section 24.4, "Enabling ACL Logging," explains how to log information about packets that are permitted or denied because of an ACL.

Section 24.5, "Monitoring ACLs," lists the commands you can use to display information about ACLs active on the RS.

24.1 ACL BASICS

An ACL consists of one or more rules describing a particular type of IP or IPX traffic. ACLs can be simple,
consisting of only one rule, or complicated with many rules. Each rule tells the RS to either permit or deny packets
that match selection criteria specified in the rule.

Each ACL is identified by a name. The name can be a meaningful string, such as denyftp or noweb, or it can be a number such as 100 or 101.

For example, the following ACL has a rule that permits all IP packets from subnet 10.2.0.0/16 to go through the
RS:

acl 101 permit ip 10.2.0.0/16

24.1.1 Defining Selection Criteria in ACL Rules

Selection criteria in the rule describe characteristics about a packet. In the example above, the selection criteria
are IP packets from 10.2.0.0/16.
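To make the rule structure concrete, the following added example (written for this edit, not code from Riverstone or from the RS software) parses rules in the `acl <name> permit|deny <proto> <src> [<dst>]` form shown above and evaluates sample packets against them. It assumes, as labeled in the code, that rules are tested in the order they are defined, that the first matching rule decides, and that a packet matching no rule is denied; it also accepts the `any` keyword and an optional destination address, which this page does not itself describe. The ACL configuration and packet values are constructed for the example.

```python
import ipaddress

# Assumption (not stated on this page): a packet that matches no rule in an
# ACL is denied. Change this constant if the platform behaves differently.
IMPLICIT_DENY = "deny"


def _network(token):
    """'any' matches every address; a bare host address becomes a /32 or /128."""
    if token == "any":
        return None
    return ipaddress.ip_network(token, strict=False)


def parse_acl_rule(line):
    """Parse one rule of the form
         acl <name> permit|deny <proto> <src>[/<prefix>] [<dst>[/<prefix>]]
    and return (acl_name, rule_dict).  The destination is an assumed extension
    of the syntax shown on the page and defaults to 'any' when absent."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "acl":
        raise ValueError(f"not an acl rule: {line!r}")
    name, action, proto, src = parts[1], parts[2], parts[3], parts[4]
    if action not in ("permit", "deny"):
        raise ValueError(f"action must be permit or deny: {line!r}")
    dst = parts[5] if len(parts) > 5 else "any"
    return name, {"action": action, "proto": proto,
                  "src": _network(src), "dst": _network(dst)}


def build_acls(config_lines):
    """Group rules by ACL name, preserving the order in which they appear."""
    acls = {}
    for line in config_lines:
        line = line.strip()
        if not line or line.startswith("!"):   # skip blanks and comments
            continue
        name, rule = parse_acl_rule(line)
        acls.setdefault(name, []).append(rule)
    return acls


def evaluate(acl_rules, proto, src_ip, dst_ip):
    """Return 'permit' or 'deny' for a packet.  Assumption: first-match
    semantics, scanning rules in definition order.  A rule whose protocol is
    'ip' matches any IP protocol; otherwise the protocol must match exactly."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in acl_rules:
        if rule["proto"] != "ip" and rule["proto"] != proto:
            continue
        if rule["src"] is not None and src not in rule["src"]:
            continue
        if rule["dst"] is not None and dst not in rule["dst"]:
            continue
        return rule["action"]
    return IMPLICIT_DENY


# Constructed configuration: the page's own rule plus a second, named ACL
# that blocks one subnet from reaching 10.2.0.0/16 and permits everything else.
CONFIG = """
acl 101 permit ip 10.2.0.0/16
acl denyguest deny ip 192.168.50.0/24 10.2.0.0/16
acl denyguest permit ip any
""".splitlines()

ACLS = build_acls(CONFIG)


def check_acl_101(src_ip):
    """Packets from 10.2.0.0/16 are permitted; anything else hits implicit deny."""
    return evaluate(ACLS["101"], "tcp", src_ip, "198.51.100.1")


def check_denyguest(src_ip, dst_ip):
    return evaluate(ACLS["denyguest"], "udp", src_ip, dst_ip)


if __name__ == "__main__":
    for ip in ("10.2.5.7", "10.3.0.1"):
        print(f"acl 101  src={ip}: {check_acl_101(ip)}")
    for dst in ("10.2.1.1", "203.0.113.9"):
        print(f"denyguest 192.168.50.9 -> {dst}: {check_denyguest('192.168.50.9', dst)}")
```

Running the script shows why rule order matters under first-match evaluation: swapping the two `denyguest` rules would let every packet through, because the `permit ip any` rule would be reached first.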
