YouDecideWeek6 - traffic, see the Cisco Nexus 1000V...

An ACL is an ordered set of rules for filtering traffic. When the device determines that an ACL applies to a packet, it tests the packet against the rules in order. The first matching rule determines whether the packet is permitted or denied; if no rule matches, the device applies a default rule. Permitted packets are processed and denied packets are dropped. Because evaluation stops at the first match, rule order matters: a broad rule placed ahead of a narrower one makes the narrower rule unreachable.

ACLs protect networks and specific hosts from unnecessary or unwanted traffic. For example, an ACL can deny HTTP traffic from a high-security network to the Internet, or permit HTTP traffic only to specific sites, identifying each site by its IP address in an IP ACL.

The following types of ACLs are supported for filtering traffic:
• IP ACLs—The device applies IP ACLs only to IP traffic.
• MAC ACLs—The device applies MAC ACLs only to non-IP traffic.

For detailed information about how rules are used to configure how an ACL filters network traffic, see the Cisco Nexus 1000V Security Configuration Guide, Release 4.0(4)SV1(1).

The following configuration limits apply to ACLs:
• You cannot have more than 128 rules in an ACL.
• You cannot have more than 10,000 rules, spread across all the ACLs, in one VEM.

The following restrictions apply to ACLs:
• You cannot apply more than one IP ACL and one MAC ACL in each direction on an interface.
• A MAC ACL applies only to Layer 2 packets.
• VLAN ACLs are not supported.
• IP fragments are not supported in ACL rules.
• Non-initial fragments are not subject to ACL lookup, so the ACL neither permits nor denies them.
• The established option to specify TCP flags is not supported.
• You cannot have two not-equal-to (neq) operators in the same rule.
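To make the first-match semantics and two of the listed limits concrete, here is an added Python model of an IP ACL. It is example code written for this page, not the Nexus 1000V implementation or anything from the Cisco guide: the Packet, Rule and IpAcl classes, the shadowed_rules() check, the 10.1.0.0/16 "high-security" network and the 203.0.113.10 "permitted site" address are all constructed for illustration. It builds the page's HTTP example in both rule orders and shows why the permit-to-site rule must precede the deny-HTTP rule.

```python
"""First-match IP ACL model: an added example, not code from the Cisco Nexus 1000V guide.
From the page: first match wins, a default applies on no match, max 128 rules per ACL, no two
'neq' operators in one rule. Names, fields, the shadow check and all addresses are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_RULES_PER_ACL = 128   # limit quoted on the page

def _net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)

def _port_ok(pkt_port: Optional[int], rule_port: Optional[int], op: str) -> bool:
    if rule_port is None:                 # rule does not constrain this port
        return True
    return pkt_port is not None and (pkt_port == rule_port if op == "eq" else pkt_port != rule_port)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                            # "tcp", "udp", "icmp", ...
    sport: Optional[int] = None
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                           # "permit" or "deny"
    proto: str                            # "ip" matches any IP protocol
    src: str                              # CIDR or "any"
    dst: str
    sport: Optional[int] = None
    sport_op: str = "eq"                  # "eq" or "neq"
    dport: Optional[int] = None
    dport_op: str = "eq"

    def __post_init__(self) -> None:      # page restriction: no two neq operators in one rule
        ports = ((self.sport, self.sport_op), (self.dport, self.dport_op))
        if sum(1 for p, op in ports if p is not None and op == "neq") > 1:
            raise ValueError("a rule may not use two neq operators")

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("ip", pkt.proto)
                and ipaddress.ip_address(pkt.src) in _net(self.src)
                and ipaddress.ip_address(pkt.dst) in _net(self.dst)
                and _port_ok(pkt.sport, self.sport, self.sport_op)
                and _port_ok(pkt.dport, self.dport, self.dport_op))

def _covers(a: Rule, b: Rule) -> bool:
    """Conservative: True only when every packet matching b also matches a."""
    if a.proto not in ("ip", b.proto):
        return False
    if not (_net(b.src).subnet_of(_net(a.src)) and _net(b.dst).subnet_of(_net(a.dst))):
        return False
    for a_p, a_op, b_p, b_op in ((a.sport, a.sport_op, b.sport, b.sport_op),
                                 (a.dport, a.dport_op, b.dport, b.dport_op)):
        if a_p is not None and not (a_op == b_op == "eq" and a_p == b_p):
            return False
    return True

class IpAcl:
    def __init__(self, name: str, rules: List[Rule], default: str = "deny") -> None:
        if len(rules) > MAX_RULES_PER_ACL:   # page limit
            raise ValueError(f"{name}: more than {MAX_RULES_PER_ACL} rules")
        self.name, self.rules, self.default = name, list(rules), default

    def evaluate(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """(action, index of first matching rule), or (default, None) when nothing matches."""
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return rule.action, i
        return self.default, None

    def shadowed_rules(self) -> List[int]:
        """Indices of rules that can never fire because an earlier rule covers them."""
        return [j for j, later in enumerate(self.rules)
                if any(_covers(earlier, later) for earlier in self.rules[:j])]

# Constructed scenario from the page: deny HTTP from a high-security network to the Internet,
# except to one permitted site identified by its IP address. Addresses are made up.
HIGH_SEC, ALLOWED_SITE = "10.1.0.0/16", "203.0.113.10/32"

def build_acl(site_rule_first: bool) -> IpAcl:
    permit_site = Rule("permit", "tcp", HIGH_SEC, ALLOWED_SITE, dport=80)
    deny_http = Rule("deny", "tcp", HIGH_SEC, "any", dport=80)
    permit_rest = Rule("permit", "ip", "any", "any")
    order = [permit_site, deny_http] if site_rule_first else [deny_http, permit_site]
    return IpAcl("web-out", order + [permit_rest])

def demo() -> dict:
    pkts = [Packet("10.1.2.3", "203.0.113.10", "tcp", 40000, 80),   # HTTP to the allowed site
            Packet("10.1.2.3", "198.51.100.5", "tcp", 40001, 80),   # HTTP to any other site
            Packet("10.1.2.3", "198.51.100.5", "tcp", 40002, 443)]  # HTTPS: outside the HTTP rules
    good, bad = build_acl(True), build_acl(False)
    return {"good": [good.evaluate(p) for p in pkts],
            "bad": [bad.evaluate(p) for p in pkts],
            "bad_shadowed": bad.shadowed_rules()}   # [1]: the permit-to-site rule never fires

if __name__ == "__main__":
    print(demo())
```

Running demo() shows the ordering caveat in practice: with the deny-HTTP rule placed first, HTTP to the permitted site is denied by rule 0 and shadowed_rules() reports index 1, the permit that can never be reached. The neq check in Rule.__post_init__ and the 128-rule check in IpAcl mirror two of the listed limits; the fragment and established restrictions are not modelled.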

This note was uploaded on 09/09/2010 for the course NETW 208 taught by Professor Gollo during the Spring '10 term at DeVry Columbus North.
