Enhancements
Release M.10.02 Enhancements
Terminology
ACE: See Access Control Entry, below.
Access Control Entry (ACE): An ACE is a policy consisting of a
• permit or drop (action)
• in <
• to <
• [
• [ cnt ] (optional counter that increments when there is a packet match)
ACL: See Access Control List, below.
Access Control List (ACL): A list (or set) consisting of one or more explicitly configured Access Control Entries (ACEs) and terminating with an implicit “deny” default which drops any packets that do not have a match with any explicit ACE in the named ACL.
ACL Mask: Follows a destination IP address listed in an ACE. Defines which bits in a packet’s corresponding IP addressing must exactly match the IP addressing in the ACE, and which bits need not match (wildcards).
DA: The acronym for Destination IP Address. In an IP packet, this is the destination IP address carried in the header, and identifies the destination intended by the packet’s originator.
Deny: An ACE configured with this action causes the switch to drop a packet for which there is a match within an applicable ACL.
Deny Any Any: An abbreviated form of deny in ip from any to any, which denies any inbound IP traffic from any source to any destination.
Extended ACL: This type of Access Control List uses
Implicit Deny: If the switch finds no matches between an inbound packet and the configured criteria in an applicable ACL, then the switch denies (drops) the packet with an implicit “deny IP any/any” operation. You can preempt the implicit “deny IP any/any” in a given ACL by configuring permit in ip from any to any as the last explicit ACE in the ACL. Doing so permits any inbound IP
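The following Python sketch is an added example, not code from the release notes or the switch software. It models how the ACL mask, the optional cnt counter, and the implicit deny defined above interact, and what changes when permit in ip from any to any is the last explicit ACE. It assumes the mask is written as a prefix length after the destination address and that ACEs are evaluated in order with the first match deciding; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

def parse_ace(text):
    """Parse '<permit|deny> in ip from any to <any | addr[/bits]> [cnt]'.

    Assumption: the mask is a prefix length (leftmost bits that must match).
    """
    tok = text.split()
    if (len(tok) not in (7, 8) or tok[0] not in ("permit", "deny")
            or tok[1:6] != ["in", "ip", "from", "any", "to"]
            or (len(tok) == 8 and tok[7] != "cnt")):
        raise ValueError(f"unsupported ACE: {text!r}")
    # strict=False lets the host bits be non-zero, e.g. 192.0.2.77/24
    net = None if tok[6] == "any" else ipaddress.ip_network(tok[6], strict=False)
    return {"text": text, "action": tok[0], "net": net,
            "cnt": len(tok) == 8, "hits": 0}

def evaluate(acl, dst):
    """Return (action, matching ACE text) for a packet's destination address."""
    addr = ipaddress.ip_address(dst)
    for ace in acl:                      # ACEs are tried in order; first match wins
        if ace["net"] is None or addr in ace["net"]:
            if ace["cnt"]:
                ace["hits"] += 1         # optional counter increments on a match
            return ace["action"], ace["text"]
    return "deny", "implicit deny"       # no explicit ACE matched

# Constructed sample ACL (documentation address ranges, not from the release notes)
STRICT = [parse_ace(a) for a in (
    "deny in ip from any to 192.0.2.0/24 cnt",
    "permit in ip from any to 198.51.100.10",
)]
# Same ACL with the implicit deny preempted by a final explicit permit
OPEN = [parse_ace(a["text"]) for a in STRICT] + [parse_ace("permit in ip from any to any")]

if __name__ == "__main__":
    for name, acl in (("STRICT", STRICT), ("OPEN", OPEN)):
        for dst in ("192.0.2.77", "198.51.100.10", "203.0.113.5"):
            print(name, dst, evaluate(acl, dst))
        print(name, "deny counter:", acl[0]["hits"])
```

With the trailing permit, the ACL stops being an allowlist: every destination not named in an earlier deny ACE is forwarded, so each destination that must stay blocked needs its own explicit deny above it.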