Dell Networking N2000/N3000/N4000 Series Switches

ACL Commands

Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the action to take for packets that meet the classification criteria. Rules within an ACL are evaluated sequentially until a match is found, if any. An implicit deny-all rule is added after the end of the last configured access group. ACLs can help ensure that only authorized users have access to specific resources while blocking any unwarranted attempts to reach network resources.

ACLs may be used to restrict the contents of routing updates, decide which types of traffic are forwarded or blocked and, above all, provide security for the network. ACLs are normally used in firewall routers positioned between the internal network and an external network, such as the Internet. They can also be used on a router positioned between two parts of the network to control the traffic entering or exiting a specific part of the internal network.

The Dell Networking ACL feature allows classification of packets based upon Layer 2 through Layer 4 header information. An Ethernet IPv6 packet is distinguished from an IPv4 packet by its unique Ethertype value; thus, all IPv4 and IPv6 classifiers include the Ethertype field.

Multiple ACLs per interface are supported. The ACLs can be a combination of Layer 2 and/or Layer 3/4 ACLs. ACL assignment is appropriate for both physical ports and LAGs. ACLs can also be time based. The maximum number of ACLs and rules supported depends on the resources consumed by other processes and configured features running on the switch.

ACL Logging

Access list rules are monitored in hardware to either permit or deny traffic matching a particular classification pattern, but the network administrator currently has no insight as to which rules are being hit. Some hardware platforms have the ability to count the number of hits for a particular
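The evaluation model described above (rules walked sequentially, first match decides, implicit deny-all after the last access group) and the value of per-rule hit counters can be shown with a small Python model. This is an added example, not code from Dell or from the switch firmware; the Rule and AccessList classes, the sample packets and the ACL names are constructed here for illustration. It also shows why rule order matters: the same two rules in the wrong order leave the specific deny shadowed by a broad permit, and a zero hit counter is exactly the signal that exposes it.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    """One classification rule (hypothetical model, not the switch data structure)."""
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any IP protocol; otherwise "tcp", "udp", "icmp"
    src: str                     # CIDR prefix or "any"
    dst: str                     # CIDR prefix or "any"
    dport: Optional[int] = None  # destination port, or None for any port
    hits: int = 0                # incremented each time this rule is the first match

    def matches(self, pkt: dict) -> bool:
        if self.proto != "ip" and pkt["proto"] != self.proto:
            return False
        if self.src != "any" and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


@dataclass
class AccessList:
    name: str
    rules: list = field(default_factory=list)


def evaluate(access_groups: list, pkt: dict) -> tuple:
    """Walk the access groups bound to an interface in the order they are applied.
    Rules are evaluated sequentially; the first match decides and its hit counter
    is bumped. If nothing matches in any group, the implicit deny-all applies."""
    for acl in access_groups:
        for idx, rule in enumerate(acl.rules):
            if rule.matches(pkt):
                rule.hits += 1
                return rule.action, f"{acl.name}#{idx}"
    return "deny", "implicit-deny-all"


# Constructed sample traffic; not captured from any real network.
PACKETS = [
    {"proto": "tcp", "src": "10.1.2.3", "dst": "192.0.2.10", "dport": 23},   # telnet
    {"proto": "tcp", "src": "10.1.2.3", "dst": "192.0.2.10", "dport": 443},  # https
    {"proto": "icmp", "src": "172.16.0.9", "dst": "192.0.2.10"},             # not from 10/8
]


def build_good_acl() -> AccessList:
    # Specific deny placed before the broad permit, so it can actually be hit.
    return AccessList("BLOCK-TELNET", [
        Rule("deny", "tcp", "any", "any", dport=23),
        Rule("permit", "ip", "10.0.0.0/8", "any"),
    ])


def build_shadowed_acl() -> AccessList:
    # Same two rules in the wrong order: the broad permit shadows the deny.
    return AccessList("BLOCK-TELNET-WRONG", [
        Rule("permit", "ip", "10.0.0.0/8", "any"),
        Rule("deny", "tcp", "any", "any", dport=23),
    ])


def run(acl: AccessList) -> dict:
    """Push the sample packets through one access group and return the verdicts
    plus the per-rule hit counts, which is the insight ACL logging/counters give."""
    verdicts = [evaluate([acl], p) for p in PACKETS]
    return {"verdicts": verdicts, "hits": [r.hits for r in acl.rules]}


if __name__ == "__main__":
    for acl in (build_good_acl(), build_shadowed_acl()):
        print(acl.name, run(acl))
```

With the correctly ordered list the telnet packet is denied by rule 0, the HTTPS packet is permitted by rule 1, and the ICMP packet from outside 10.0.0.0/8 matches nothing and falls to the implicit deny. With the reversed list the telnet packet is permitted by the broad rule and the deny rule's counter stays at zero, which is the kind of misordering a hit counter makes visible without packet captures.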