Access Control | 197

13 Access Control

This chapter contains the following major sections:
• SFTOS Support for Access Control Lists
• Common ACL Commands on page 198
• Access Control List Configuration Example on page 202
• Applying an IP ACL to the Loopback Interface on page 203
• Enabling Broadcast Storm Control on page 205

SFTOS Support for Access Control Lists

Access control lists (ACLs) are used to control the traffic entering a network. They are normally used in a firewall router or in a router connecting two internal networks. You may selectively admit or reject inbound traffic, thereby controlling access to your network, or to specific resources on your network.

Each of the 100 available IP ACLs per stack is a set of one to nine rules applied to inbound traffic. Eight of the nine rules are user configurable, and the other rule is an implicit deny. In other words, you can create an IP ACL that includes up to eight rules, and then you can apply that ACL to an interface.

Both MAC and IP ACLs can be applied to the same interface.

Alternatively, you can apply more than one ACL to an interface, as long as no more than eight rules, in total, are in those ACLs. For example, if you create ACL 1 with three rules and three ACLs with two rules each, and then you apply ACL 1 to a particular interface, you can now apply only two of the other three ACLs to that interface, because the remaining ACL contains two rules, which would push the number of applied rules past the limit of eight.

The CLI warns you both when you attempt to add more than eight rules to an ACL and when you attempt to apply more than eight rules to an interface.

Each rule specifies whether the contents of a given field should be used to permit or deny access to the network, and may apply to one or more of the following six fields within a packet:
• Source IP address
• Destination IP address
• Source Layer 4 port
• Destination Layer 4 port
• TOS byte
• Protocol number
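The rule limits and the six match fields described above, modelled as an added Python example (not SFTOS code). It assumes in-order, first-match evaluation of the applied ACLs, which this section does not state, and enforces the two eight-rule limits as errors where the CLI only warns.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

MAX_RULES_PER_ACL = 8        # eight user rules; the ninth is the implicit deny
MAX_RULES_PER_INTERFACE = 8  # combined user rules of every ACL on one interface


@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    src: "str | None" = None      # source prefix, e.g. "10.1.0.0/16"; None = any
    dst: "str | None" = None      # destination prefix
    sport: "int | None" = None    # source Layer 4 port
    dport: "int | None" = None    # destination Layer 4 port
    tos: "int | None" = None      # TOS byte
    proto: "int | None" = None    # IP protocol number (6 = TCP, 17 = UDP)

    def matches(self, pkt: dict) -> bool:
        # Every field the rule specifies must agree with the packet.
        if self.src and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dst and ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        return all(getattr(self, f) is None or pkt.get(f) == getattr(self, f)
                   for f in ("sport", "dport", "tos", "proto"))


@dataclass
class IpAcl:
    number: int
    rules: list = field(default_factory=list)

    def add_rule(self, rule: Rule) -> None:
        if len(self.rules) >= MAX_RULES_PER_ACL:
            raise ValueError(f"ACL {self.number}: more than {MAX_RULES_PER_ACL} rules")
        self.rules.append(rule)


class Interface:
    def __init__(self, name: str) -> None:
        self.name, self.acls = name, []

    def apply_acl(self, acl: IpAcl) -> None:
        # Rules of all applied ACLs count against the same per-interface limit.
        total = sum(len(a.rules) for a in self.acls) + len(acl.rules)
        if total > MAX_RULES_PER_INTERFACE:
            raise ValueError(f"{self.name}: {total} rules exceed {MAX_RULES_PER_INTERFACE}")
        self.acls.append(acl)

    def evaluate(self, pkt: dict) -> str:
        # Assumed first-match order; a packet matching no rule hits the implicit deny.
        for acl in self.acls:
            for rule in acl.rules:
                if rule.matches(pkt):
                    return rule.action
        return "deny"
```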