Overview of Access Control Lists (ACLs)

Source: Internet
Author: User


An access control list (ACL) is a list of commands applied to router and switch interfaces. It is used to control the packets entering and leaving a port. An ACL is a table of match relationships, conditions, and query statements; it is a framework for controlling a specific kind of access.
(1) Basic principles:
An ACL uses packet filtering: the router reads information in the Layer 3 and Layer 4 headers (source address, destination address, source port, and destination port) and filters packets according to predefined rules.
Standard ACL number range: 2000-2999
Extended ACL number range: 3000-3999
(2) ACL functions:
1. Decide which types of traffic are permitted or denied on a router port. A policy can be based on protocol or port; for example, you can permit WWW (port 80) traffic and deny telnet traffic.
2. Provide a basic means of securing network access.
3. Limit excessive network traffic and improve network performance.
(3) ACL types:
There are two mainstream ACL types: standard ACLs and extended ACLs.
Cisco device ACL number ranges:
Standard ACL: 1-99 and 1300-1999
Extended ACL: 100-199 and 2000-2699
ACL Experiment
Purpose:
VLAN 10, 20, and 30 can access VLAN 40 (the server), but cannot access each other. VLAN 40 can access VLAN 10, 20, and 30.
 
 
 
Steps:
(1) Configure four sub-interfaces of eth1 on the router as the VLAN gateways.
(2) Apply the standard ACL policy to the corresponding sub-interfaces.
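
The lab policy above, modelled in Python as an added example (not from the original article, whose configuration is not reproduced on this page). The subnets, the outbound direction of the ACLs and the drop-on-no-match default are assumptions; because a standard ACL matches only the source address, the rules sit outbound on each client VLAN's sub-interface, where the source alone is enough to tell the server VLAN from the other client VLANs.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption; the page gives no subnets).
VLANS = {
    10: ip_network("192.168.10.0/24"),
    20: ip_network("192.168.20.0/24"),
    30: ip_network("192.168.30.0/24"),
    40: ip_network("192.168.40.0/24"),  # server VLAN
}
CLIENT_VLANS = (10, 20, 30)

def build_outbound_acls():
    """One standard (source-only) ACL per client sub-interface, applied outbound."""
    acls = {}
    for vlan in CLIENT_VLANS:
        rules = [("deny", VLANS[other]) for other in CLIENT_VLANS if other != vlan]
        rules.append(("permit", ip_network("0.0.0.0/0")))  # explicit final permit
        acls[vlan] = rules
    return acls  # VLAN 40's sub-interface carries no ACL

def vlan_of(addr):
    """Return the VLAN id whose subnet contains addr."""
    return next(v for v, net in VLANS.items() if ip_address(addr) in net)

def acl_permits(rules, src):
    """First matching rule wins; a standard ACL looks only at the source address."""
    for action, net in rules:
        if ip_address(src) in net:
            return action == "permit"
    return False  # unmatched traffic dropped (assumption; defaults differ by vendor)

def forwarded(acls, src, dst):
    """Would the router forward one packet src -> dst between sub-interfaces?"""
    egress = vlan_of(dst)
    return egress not in acls or acl_permits(acls[egress], src)

def can_communicate(acls, a, b):
    """ACLs are stateless, so a session needs both the request and the reply to pass."""
    return forwarded(acls, a, b) and forwarded(acls, b, a)

if __name__ == "__main__":
    acls = build_outbound_acls()
    hosts = {v: str(net.network_address + 10) for v, net in VLANS.items()}
    for a in VLANS:
        print(a, {b: can_communicate(acls, hosts[a], hosts[b]) for b in VLANS if b != a})
```

Running the script prints the reachability matrix that the lab verification step checks by hand from each VLAN.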
 

 
Lab verification:
(1) First, verify from the server machine in VLAN 40:

(2) Then verify from VLAN 10, 20, and 30:

VLAN 10

VLAN 20

VLAN 30
 

 
Source http://dchanyu.blog.51cto.com/3346494/799257
 
