Named IP ACLs, User Guidelines, 13-2 | Cisco Systems 15310-MA

Chapter 13 Configuring Access Control Lists on the ML-Series Card

ML-Series ACL Support

•Access violations accounting is not supported on the ML-Series card.

•ACL logging is supported only for packets going to the CPU, not for switched packets.

•IP standard ACLs applied to bridged egress interfaces are not supported in the data-plane. When bridging, ACLs are only supported on ingress.

IP ACLs

The following ACL styles for IP are supported:

•Standard IP ACLs: These use source addresses for matching operations.

•Extended IP ACLs: (Control plane only) These use source and destination addresses for matching operations and optional protocol type and port numbers for finer granularity of control.

•Named ACLs: These use source addresses for matching operations.

Note By default, the end of the ACL contains an implicit deny statement for everything if it did not find a match before reaching the end. With standard ACLs, if you omit the mask from an associated IP host address ACL specification, 0.0.0.0 is assumed to be the mask.

After creating an ACL, you must apply it to an interface, as shown in the “Applying the ACL to an Interface” section on page 13-4.

Named IP ACLs

You can identify IP ACLs with a name, but it must be an alphanumeric string. Named IP ACLs allow you to configure more IP ACLs in a router than if you used numbered ACLs. If you identify your ACL with an alphabetic rather than a numeric string, the mode and command syntax are slightly different.

Consider the following before configuring named ACLs:

•A standard ACL and an extended ACL cannot have the same name.

•Numbered ACLs are also available, as described in the “Creating Numbered Standard and Extended IP ACLs” section on page 13-3.

User Guidelines

Keep the following in mind when you configure IP network access control:

•You can program ACL entries into Ternary Content Addressable Memory (TCAM).

•You do not have to enter a deny everything statement at the end of your ACL; it is implicit.

•You can enter ACL entries in any order without any performance impact.

•For every eight TCAM entries, the ML-Series card uses one entry for TCAM management purposes.

•Do not set up conditions that result in packets getting lost. This situation can happen when a device or interface is configured to advertise services on a network that has ACLs that deny these packets.

•IP ACLs are not supported for double-tagged (QinQ) packets. They will, however, be applied to IP packets entering on a QinQ access port.

Cisco ONS 15310-CL and Cisco ONS 15310-MA Ethernet Card Software Feature and Configuration Guide R8.5

13-2	78-18133-01

15310-CL, 15310-MA specifications

Cisco Systems has established itself as a leader in the networking domain, offering a wide array of solutions to meet the needs of modern businesses. Among its impressive product lineup are the Cisco 15310-CL and 15310-MA routers, designed to provide advanced network performance and reliability.

The Cisco 15310-CL is a versatile platform that primarily serves as a carrier-class router aimed at supporting high-speed data and voice services. It is built to handle the demands of large enterprises and service providers, offering a robust design that ensures maximum uptime and performance. One of its standout features is its modular architecture, which enables users to customize their configurations based on specific application needs. This scalability allows for future expansion without the need for a complete hardware overhaul.

Key technologies integrated into the Cisco 15310-CL include high-density Ethernet interfaces and a comprehensive suite of Layer 2 and Layer 3 protocol support. The device is capable of supporting multiple types of connections, including TDM, ATM, and Ethernet. This flexibility makes it an ideal choice for organizations that require seamless migration between various service types. Moreover, with features such as MPLS (Multiprotocol Label Switching) support and advanced Quality of Service (QoS) mechanisms, the router ensures that critical applications receive the necessary bandwidth and low latency required for optimal performance.

In contrast, the Cisco 15310-MA focuses on access solutions, providing a cost-effective entry point for businesses looking to enhance their network capabilities. It is well-suited for smaller offices or branch locations that need reliable connectivity without the expense and complexity associated with larger systems. The device supports a range of access methods and provides essential features like firewall capabilities, VPN support, and comprehensive security measures to protect sensitive data.

Both models benefit from Cisco's commitment to security and manageability, offering features like enhanced encryption protocols and user authentication mechanisms that help safeguard networks against threats. Additionally, they can be managed through Cisco’s intuitive software tools, simplifying configuration and monitoring tasks for IT administrators.

The Cisco 15310-CL and 15310-MA are ideal solutions for businesses seeking to enhance their network infrastructure, ensuring firms can keep pace with evolving technology demands while maintaining a focus on security and performance. Their combination of advanced features, modular capabilities, and robust support makes them valuable assets in the networking landscape.

Cisco Systems 15310-MA, 15310-CL manual Named IP ACLs, User Guidelines, 13-2

Models: 15310-CL 15310-MA

IP ACLs

Named IP ACLs

User Guidelines

13-2

15310-CL, 15310-MA specifications