Understanding access lists – ADC CUDA 3 User Manual


ADC Telecommunications, Inc.

CHAPTER 15: IP PACKET FILTERING

Understanding Access Lists

Access lists are sequential groupings of permit and deny rules. These rules
let you permit or deny packets crossing specified interfaces. An access list
consists of both match criteria and the action to take when a packet matches
those criteria.

Match criteria can include:

Source IP address

Destination IP address

Source TCP/UDP port

Destination TCP/UDP port

TCP Sync Flag

TCP Establish State

IP Type of Service (TOS)

Actions that can be taken against matching packets include:

Permit

Deny

Change IP TOS

Access lists are pooled and indexed on a system-wide basis, so you can create
access lists in either root mode or interface configuration mode. An access
list takes effect on an interface only when you enable IP filtering on that
interface and apply the predefined access list to it with the access-class
command. Each access list is identified by a list number that you define when
creating the list.

You cannot modify an existing access list, which means that if you want to
change an access list, you must delete it and then recreate it with the same
name.
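The following is an added example, not code from the ADC CUDA manual or the product itself. It models the concepts described above in plain Python: an ordered list of rules, each carrying the match criteria named on this page (source/destination IP, source/destination TCP/UDP port, TCP SYN flag, TCP established state, IP TOS) and one of the three actions (permit, deny, change TOS), plus a system-wide pool keyed by list number that refuses in-place modification. Two behaviours the page does not spell out are assumptions made here: rules are evaluated in order and the first matching rule decides, and a packet that matches no rule is denied. The rule set, addresses and packets are constructed sample data.

```python
"""Toy evaluator for sequential permit/deny access lists (added example).

Assumptions not stated on the page: first matching rule wins; no match
means deny; a change-TOS rule rewrites the TOS value and permits the packet.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "ip"
    sport: int = 0
    dport: int = 0
    syn: bool = False     # TCP SYN flag set
    ack: bool = False     # TCP ACK flag set
    tos: int = 0          # IP Type of Service byte

    @property
    def established(self) -> bool:
        # Modelled as an existing TCP session: ACK set, SYN clear (assumption)
        return self.proto == "tcp" and self.ack and not self.syn


@dataclass
class Rule:
    action: str                      # "permit", "deny" or "set-tos"
    src: str = "0.0.0.0/0"           # source prefix, any by default
    dst: str = "0.0.0.0/0"           # destination prefix, any by default
    proto: Optional[str] = None      # None matches any protocol
    sport: Optional[int] = None
    dport: Optional[int] = None
    syn: Optional[bool] = None
    established: Optional[bool] = None
    tos: Optional[int] = None        # TOS value to match
    new_tos: Optional[int] = None    # TOS value written by "set-tos"

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        # Port criteria only apply to TCP/UDP; other protocols never match them
        ports = pkt.proto in ("tcp", "udp")
        if self.sport is not None and not (ports and pkt.sport == self.sport):
            return False
        if self.dport is not None and not (ports and pkt.dport == self.dport):
            return False
        if self.syn is not None and not (pkt.proto == "tcp" and pkt.syn == self.syn):
            return False
        if self.established is not None and pkt.established != self.established:
            return False
        if self.tos is not None and pkt.tos != self.tos:
            return False
        return True


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, int, int]:
    """Return (action, resulting TOS, index of the rule that decided; -1 = implicit deny)."""
    for idx, rule in enumerate(acl):
        if rule.matches(pkt):
            if rule.action == "set-tos":
                return "permit", rule.new_tos, idx
            return rule.action, pkt.tos, idx
    return "deny", pkt.tos, -1


class AccessListPool:
    """System-wide pool indexed by list number; lists are replaced, never edited in place."""

    def __init__(self) -> None:
        self._lists: Dict[int, List[Rule]] = {}

    def create(self, number: int, rules: List[Rule]) -> None:
        if number in self._lists:
            raise ValueError(f"access-list {number} exists; delete it, then recreate it")
        self._lists[number] = list(rules)

    def delete(self, number: int) -> None:
        del self._lists[number]

    def get(self, number: int) -> List[Rule]:
        return self._lists[number]


# Constructed sample list: note that the deny for 192.168.0.0/16 sits AFTER the
# HTTPS permit, so a 192.168.x.x host opening port 443 to the web subnet is still
# permitted by rule 0. Rule order is the policy.
ACL_101 = [
    Rule("permit", proto="tcp", dst="10.0.0.0/24", dport=443, syn=True),  # new HTTPS sessions to web subnet
    Rule("permit", proto="tcp", established=True),                        # return traffic of existing sessions
    Rule("set-tos", proto="udp", dport=53, new_tos=0x10),                 # mark DNS queries low-delay
    Rule("deny", src="192.168.0.0/16"),                                   # block a private source range
]

if __name__ == "__main__":
    for p in (Packet("203.0.113.5", "10.0.0.8", "tcp", 51000, 443, syn=True),
              Packet("192.168.1.1", "10.0.0.8", "tcp", 4000, 443, syn=True),
              Packet("203.0.113.5", "10.0.0.8", "tcp", 4000, 22, syn=True)):
        print(p.src, "->", p.dst, p.proto, p.dport, evaluate(ACL_101, p))
```

Running the block shows the ordering pitfall directly: the 192.168.1.1 SYN to port 443 is permitted by rule 0 before the deny in rule 3 is ever consulted, while the SSH SYN falls through every rule to the implicit deny. When reviewing a real list, read it top to bottom exactly as this evaluator does.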
