![](/images/new-backgrounds/1149832/149832189x1.webp)
16
Access Control Lists (ACLs)
This section describes the Access Control Lists (ACLs) feature.
Overview
Access Control Lists (ACLs) are a collection of permit and deny conditions, called rules, that provide security by blocking unauthorized users and allowing authorized users to access specific resources. Normally ACLs reside in a firewall router or in a router connecting two internal networks.
ACL Logging provides a means for counting the number of “hits” against an ACL rule. When you configure ACL Logging, you augment the ACL deny rule specification with a ‘log’ parameter that enables hardware hit count collection and reporting. The
You can set up ACLs to control traffic at Layer 2, Layer 3, or Layer 4. MAC ACLs operate on Layer 2. IP ACLs operate on Layers 3 and 4.
Limitations
The following limitations apply to ACLs.
•Maximum of 100 ACLs.
•Maximum rules per ACL is 10.
•The system supports ACLs set up for inbound traffic only.
•The system does not support MAC ACLs and IP ACLs on the same interface.
•It may not be possible to log every ACL rule due to limited hardware counter resources. You can define an ACL with any number of logging rules, but the number of rules that are actually logged cannot be determined until the ACL is applied to an interface. Further- more, hardware counters that become available after an ACL is applied are not retroac- tively assigned to rules that were unable to be logged (the ACL must be
Overview 95