t_sec_acl_config

Available Languages

Updated:March 31, 2020

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Access Control Lists

Access Control Lists

ClosedAbout Access Control Lists

Access control lists (ACLs) perform packet filtering to control the movement of packets through a network. Packet filtering provides security by limiting the access of traffic into a network, restricting user and device access to a network, and preventing traffic from leaving a network. IP access lists reduce the chance of spoofing and denial-of-service attacks, and allow dynamic, temporary user-access through a firewall.

IP access lists can also be used for purposes other than security, such as to control bandwidth, restrict the content of routing updates, redistribute routes, trigger dial-on-demand (DDR) calls, limit debug output, and identify or classify traffic for quality of service (QoS) features.

An access list is a sequential list that consists of at least one permit statement and possibly one or more deny statements. In the case of IP access lists, these statements can apply to IP addresses, upper-layer IP protocols, or other fields in IP packets.

  1. On the Configuration > Security > ACL page, click Add.
  2. In the Add ACL Setup window that is displayed, enter a name for the ACL.
  3. From the ACL Type drop-down list, choose the ACL type from the following options:
    • IPv4 Standard(default)—Access list number can range from 100 to 199 and 2000 to 2699, which is an expanded range.
    • IPv4 Extended—Access list number can range from 1 to 99 and 1300 to 1999, which is an expanded range.
    • IPv4 Role-based
    • IPv6 Role-based
    • IPv6
    • MAC
  4. Enter the sequence number.
  5. Choose the action as either permit or deny.
  6. From the Source Type drop-down list, choose the required source type:
    • If you choose the source type as Host, then you must enter the host name.
    • If you choose the source type as Network, then you must specify the source IP address and source wildcard.

  7. Check the Log check box to enable logs.

  8. Click Add to add the sequence. To edit the sequence, select the sequence to view Source Type, Destination Type, Protocol, and DSCP fields. After editing, click Save or Cancel. You can select the sequence and click Delete to remove the sequence.

  9. Click Apply to Device.

Associating Interfaces

  1. On the Configuration > Security > ACL page, click Associate Interfaces.
  2. In the Associate Interfaces window that is displayed, click the Interface from the Available Interfaces to get the ACL Details.

  3. Click Apply to Device.

 

Related Topics Link IconRelated Topics

 

© 2020 Cisco Systems, Inc. All rights reserved.

 

Was this Document Helpful?

FeedbackFeedback

Contact Cisco