ACL configuration structure

After you enter an ACL command, you may want to inspect the resulting configuration. This is especially true where you are entering multiple ACEs into an ACL. Also, it is helpful to understand the configuration structure when using the following information.

The basic ACL structure includes four elements:

Procedure
  1. ACL identity and type: identifies the ACL as standard or extended and shows the ACL name or number.
  2. Optional remark entries.
  3. One or more deny/permit list entries (ACEs): One entry per line.

    Element

    Notes

    Type

    Standard or Extended

    Identifier

    • Alphanumeric; Up to 64 Characters, Including Spaces

    • Numeric: 1-99 (Standard) or 100-199 (Extended)

    Remark

    Allows up to 100 alphanumeric characters, including blank spaces. (If any spaces are used, the remark must be enclosed in a pair of single or double quotes.) A remark is associated with a particular ACE and will have the same sequence number as the ACE. (One remark is allowed per ACE.)

    Maximum ACEs per Switch

    The upper limit on ACEs supported by the switch depends on the concurrent resource usage by configured ACL, QoS, Mirroring, and other features.

  4. Implicit Deny: Where an ACL is in use, it denies any packets that do not have a match with the ACEs explicitly configured in the list. The Implicit Deny does not appear in ACL configuration listings, but always functions when the switch uses an ACL to filter packets. (You cannot delete the Implicit Deny, but you can supersede it with a permit any or permit ip any any statement.)