Creating access lists – ADC CUDA 3 User Manual


Cuda 12000 IP Access Switch CLI-based Administration Guide


Creating Access Lists

Access lists consist of rules that are sequenced according to their assigned
rule numbers. You create these rules and assign them to access lists using
the access-list command. Packets are matched against the lowest-numbered
rules first.

Each rule defines a permit or deny action, which determines whether the
packet is accepted or rejected when matched. Note that access lists include
an implicit deny command at the end. This means that an IP filter-enabled
interface rejects (drops) packets for which no match is found.

Figure 15-1 shows a logical representation of an access list:

Figure 15-1 Access List

You can use access lists to filter the following protocols:

Internet Protocol (IP)

Transmission Control Protocol (TCP)

User Datagram Protocol (UDP)

Note that when masking network addresses, 0 indicates “care” bits; 1
indicates “don’t care.” For example, a class C network would be masked as
0.0.0.255.
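
The matching behavior described above (lowest rule number first, 0 = "care" / 1 = "don't care" mask bits, implicit deny at the end), modeled as an added example. This is not Cuda 12000 CLI syntax or code from the manual. It assumes rules match only on protocol and source address, and that an "ip" rule also covers TCP and UDP packets; the Rule fields and the sample list are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int     # rule number; lower numbers are evaluated first
    action: str     # "permit" or "deny"
    protocol: str   # "ip", "tcp" or "udp"
    network: str    # address the packet's source is compared against
    wildcard: str   # mask: 0 bits = "care", 1 bits = "don't care"

def wildcard_match(addr, network, wildcard):
    """Compare only the bit positions where the mask holds a 0."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)

def evaluate(rules, protocol, src):
    """Return (action, rule_number); rule_number is None for the implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        # Assumption: an "ip" rule matches any protocol carried over IP.
        proto_ok = rule.protocol in ("ip", protocol)
        if proto_ok and wildcard_match(src, rule.network, rule.wildcard):
            return rule.action, rule.number   # first match wins
    return "deny", None                       # no rule matched: implicit deny

# Constructed sample list, deliberately stored out of order.
ACL = [
    Rule(30, "permit", "ip", "192.168.10.0", "0.0.0.255"),   # class C network
    Rule(10, "deny", "tcp", "192.168.10.66", "0.0.0.0"),     # single host
    Rule(20, "permit", "udp", "10.0.0.0", "0.255.255.255"),
]

if __name__ == "__main__":
    samples = [("tcp", "192.168.10.66"), ("udp", "192.168.10.66"),
               ("udp", "10.4.5.6"), ("tcp", "10.4.5.6")]
    for proto, src in samples:
        print(proto, src, evaluate(ACL, proto, src))
```

Because rule 10 is evaluated before rule 30, TCP from 192.168.10.66 is dropped even though the broader class C permit would otherwise cover it; giving the deny a higher number than the permit would leave it shadowed and never matched.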

[Figure 15-1 labels: an access list drawn as a sequence of rules, each marked "match / action", followed by the implicit deny.]
