Access Control List
Feature Name | Release Information | Feature Description |
---|---|---|
ACL on Management Port | Cisco IOS XR Release 7.11.1 | The Access Control List feature enables you to permit or deny specific devices to connect to the management port and access NCS 1010 devices. This control enhances network security. Both IPv4 and IPv6 ACLs are supported on the management port. Commands added: |
Access Control List
An Access Control List (ACL) is a sequential list of permit and deny statements that apply to IP addresses. An ACL performs packet filtering to control the packets that move through the network. These controls allow you to restrict the access of devices to the network and limit network traffic.
Access Control Entries
Access Control Entries (ACE) are entries in an ACL that describe the access rights related to a particular security identifier or user. An ACL consists of one or more access control entries (ACE) that collectively define the network traffic profile.
Types of Access Control List
Each ACL type has a different set of verification parameters and traffic control methods.
ACL Type | Verifies | Controls traffic by |
---|---|---|
Standard ACL | only the source IP address of the packets. | comparing the IP address that is configured in the ACL with the source IP address in the packet. |
Extended ACL | | comparing the attributes that are defined in the ACL with those in the incoming or outgoing packets. |
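The sequential evaluation of permit and deny statements, and the difference between standard and extended matching, modelled as an added Python example that is not Cisco code or part of the original page. The names `Packet`, `Ace` and `evaluate` and the sample entries are constructed for illustration, and the implicit deny applied when no entry matches is an assumption this page does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp", "icmp"
    dport: Optional[int] = None

@dataclass
class Ace:
    seq: int                      # sequence number; lower is evaluated first
    action: str                   # "permit" or "deny"
    src: str                      # source prefix (the only field a standard ACE uses)
    dst: Optional[str] = None     # extended-only attributes; None means "not checked"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p):
        def inside(addr, prefix):
            # An IPv4 address is never inside an IPv6 prefix, and vice versa.
            return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)
        if not inside(p.src, self.src):
            return False
        if self.dst is not None and not inside(p.dst, self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return True

def evaluate(acl, packet):
    """Return (action, seq) of the first matching ACE; seq is None if none matched."""
    for ace in sorted(acl, key=lambda a: a.seq):
        if ace.matches(packet):
            return ace.action, ace.seq
    return "deny", None           # assumption: implicit deny at the end of the list

# Constructed sample ACLs using documentation address ranges.
STANDARD_ACL = [Ace(10, "permit", "192.0.2.0/24")]
EXTENDED_ACL = [
    Ace(10, "deny", "192.0.2.99/32", proto="tcp", dport=22),
    Ace(20, "permit", "192.0.2.0/24", dst="198.51.100.1/32", proto="tcp", dport=22),
]
```

Swapping the sequence numbers of the two extended entries lets the broader permit match first, so the host-specific deny is never reached.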
Benefits of Access Control List
ACL allows you to
- filter incoming or outgoing packets on an interface
- restrict the contents of routing updates
- limit debug output that is based on an address or protocol, and
- control vty access.