ACL configuration

After you enter an ACL command, you may want to inspect the resulting configuration. This is especially true where you are entering multiple ACEs into an ACL. Also, it is helpful to understand the configuration structure when using later sections in this chapter. The basic ACL structure includes four elements:
  1. ACL identity: This is a string of up to 64 characters specifying the ACL name.

  2. Optional remark entries.

  3. One or more deny/permit list entries (ACEs): One entry per line.

    | Element | Notes |
    |---|---|
    | Identifier | Alphanumeric; up to 64 characters, including spaces |
    | Remark | Allows up to 100 alphanumeric characters, including blank spaces. (If any spaces are used, the remark must be enclosed in a pair of single or double quotes.) A remark is associated with a particular ACE and has the same sequence number as the ACE. (One remark is allowed per ACE.) See Remarks. |
    | Maximum ACEs per switch | The maximum number of ACEs supported by the switch is up to 3072 for IPv6 ACEs and up to 3072 for IPv4 ACEs. The maximum number of ACEs applied to a VLAN or port depends on the concurrent resource usage by multiple configured features. For more information, use the show qos\|access-list resources command. |

  4. Implicit deny
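
A lint pass over the structure rules above, added here as an example and not part of the original documentation: it checks name and remark lengths, remark quoting, one remark per ACE, that every remark shares a sequence number with an ACE, and the per-family ACE total. The block layout it parses (a header line, numbered entries, `exit`), the `SAMPLE` text and the function names are assumptions.

```python
import re

MAX_NAME, MAX_REMARK, MAX_ACES = 64, 100, 3072  # limits stated on this page
HEADER = re.compile(r'^(ip|ipv6) access-list (?:(?:standard|extended) )?(.+)$')
ENTRY = re.compile(r'^(\d+) (remark|permit|deny)\b\s*(.*)$')
# Constructed sample; the block layout is an assumed config syntax, not from this page.
SAMPLE = '''\
ip access-list extended "Branch Uplink"
   10 remark "SSH from the admin host"
   10 permit tcp 10.10.10.44 0.0.0.0 0.0.0.0 255.255.255.255 eq 22
   20 remark unquoted note
   exit
'''

def unquote(text):
    """Strip one pair of matching single or double quotes; report whether it was there."""
    quoted = len(text) >= 2 and text[0] == text[-1] and text[0] in '"\''
    return (text[1:-1] if quoted else text), quoted

def lint_acls(config):
    """Return (findings, ACE count per address family) for every ACL block in config."""
    findings, counts, name = [], {'ip': 0, 'ipv6': 0}, None
    for line in [l.strip() for l in config.splitlines()] + ['exit']:
        header = HEADER.match(line)
        if (header or line == 'exit') and name is not None:
            # Block ends: every remark must share its sequence number with an ACE.
            for seq in sorted(set(remarks) - aces):
                findings.append(f'{name}: remark {seq} has no ACE with that sequence number')
            name = None
        if header:
            family, (name, _) = header.group(1), unquote(header.group(2))
            remarks, aces = {}, set()
            if len(name) > MAX_NAME:
                findings.append(f'{name[:20]}...: name longer than {MAX_NAME} characters')
        elif name is not None and (entry := ENTRY.match(line)):
            seq, kind = int(entry.group(1)), entry.group(2)
            if kind != 'remark':
                aces.add(seq)
                counts[family] += 1
                continue
            text, quoted = unquote(entry.group(3))
            if ' ' in text and not quoted:
                findings.append(f'{name}: remark {seq} contains spaces but is not quoted')
            if len(text) > MAX_REMARK:
                findings.append(f'{name}: remark {seq} longer than {MAX_REMARK} characters')
            if seq in remarks:
                findings.append(f'{name}: more than one remark for ACE {seq}')
            remarks[seq] = text
    findings += [f'{f}: {n} ACEs exceed the maximum of {MAX_ACES}' for f, n in counts.items() if n > MAX_ACES]
    return findings, counts
```

`lint_acls(SAMPLE)` reports the unquoted remark at sequence 20 and the fact that no ACE carries that sequence number.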