Access Control
ACL Binding
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
  - IP Precedence to match—IP precedence is a model of TOS (type of service) that the network uses to help provide the appropriate QoS commitments. This model uses the 3 most significant bits of the service type byte in the IP header, as described in RFC 791 and RFC 1349.
• ICMP—If the ACL is based on ICMP, select the ICMP message type that is used for filtering purposes. Either select the message type by name or enter the message type number. If all message types are accepted, select Any.
  - Any—All message types are accepted.
  - Select from list—Select message type by name from the drop-down list.
  - ICMP Type to Match—Number of message type that is to be used for filtering purposes.
• ICMP Code—The ICMP messages may have a code field that indicates how to handle the message. Select one of the following options, to configure whether to filter on this code:
  - Any—Accept all codes.
  - User Defined—Enter an ICMP code for filtering purposes.
STEP 5 Click Apply.
ACL Binding
When an ACL is bound to an interface (port, LAG or VLAN), its ACE rules are applied to
packets arriving at that interface. Packets that do not match any of the ACEs in the ACL are
matched to a default rule, whose action is to drop unmatched packets.
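The following is an added example, not code from Cisco or from this guide: a small Python model of how the IP precedence, ICMP type and ICMP code conditions described above select a packet, and how a packet that matches no ACE falls to the default drop rule. It assumes ACEs are checked in list order with the first match deciding; the action labels, the sample ACL and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ICMP = 1  # IP protocol number for ICMP

@dataclass
class Ace:
    action: str                       # "permit" or "deny" (labels chosen for this model)
    proto: Optional[int] = None       # None means Any
    precedence: Optional[int] = None  # 0-7
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

def ip_precedence(tos: int) -> int:
    """The 3 most significant bits of the service type byte."""
    return (tos & 0xFF) >> 5

def parse_ipv4(pkt: bytes) -> dict:
    """Extract only the fields the ACE conditions test."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    f = {"proto": pkt[9], "precedence": ip_precedence(pkt[1]),
         "icmp_type": None, "icmp_code": None}
    if pkt[9] == ICMP and ihl >= 20 and len(pkt) >= ihl + 2:
        f["icmp_type"], f["icmp_code"] = pkt[ihl], pkt[ihl + 1]
    return f

def evaluate(acl, pkt: bytes):
    """Return (action, index of matching ACE); index None means the default rule."""
    f = parse_ipv4(pkt)
    for i, ace in enumerate(acl):
        wanted = {"proto": ace.proto, "precedence": ace.precedence,
                  "icmp_type": ace.icmp_type, "icmp_code": ace.icmp_code}
        if all(v is None or f[k] == v for k, v in wanted.items()):
            return ace.action, i
    return "deny", None  # default rule: unmatched packets are dropped

def sample_packet(tos: int, proto: int, payload: bytes = b"") -> bytes:
    """Constructed input: minimal 20-byte IPv4 header (zeroed addresses) + payload."""
    total = (20 + len(payload)).to_bytes(2, "big")
    return bytes([0x45, tos]) + total + bytes(5) + bytes([proto]) + bytes(10) + payload

SAMPLE_ACL = [  # constructed rules, not from the guide
    Ace("deny", proto=ICMP, icmp_type=5),                 # one ICMP type, any code
    Ace("permit", proto=ICMP, icmp_type=3, icmp_code=4),  # one specific type and code
    Ace("permit", precedence=6),                          # any protocol, precedence 6
]

if __name__ == "__main__":
    for tos, proto, body in [(0, ICMP, b"\x05\x01"), (0, ICMP, b"\x03\x04"),
                             (0, ICMP, b"\x08\x00"), (0xC0, 17, b"")]:
        print(tos, proto, body.hex(), evaluate(SAMPLE_ACL, sample_packet(tos, proto, body)))
```

In this model an ICMP packet whose type or code is not listed, and whose precedence is not 6, is dropped by the default rule even though no ACE names it.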
Although each interface can be bound to only one ACL, multiple interfaces can be bound to
the same ACL by grouping them into a policy-map, and binding that policy-map to the
interface.
After an ACL is bound to an interface, it cannot be edited, modified, or deleted until it is
removed from all the ports to which it is bound or in use.
NOTE It is possible to bind an interface (port, LAG or VLAN) to a policy or to an ACL, but it cannot be bound to both a policy and an ACL.
NOTE In the same class map, a MAC ACL cannot be used with an IPv6 ACE that has a Destination IPv6 address as a filtering condition.