ACL Definitions and Uses

The following topics explain how to define and use ACLs and ACL templates and describe ACL uses:

Creating ACLs and Templates

You can create ACLs in a number of ways:

Similarly, there are a number of ways you can create templates:

ACL and Template Attributes

Each ACL or template has the following attributes:

| Attribute | Description |
| --- | --- |
| Name/Number | The name or number of the ACL or ACL template. |
| Type | The associated ACL type (refer to "Name, Number, and Type Attributes"). |
| Creation Date | Date and time the ACL or template was created. This attribute cannot be edited; it is automatically determined by ACL Manager. |
| Created By | Name of user who created the ACL or template. |
| Modification Date | Date the ACL or template was last modified. |
| Last Modified By | Name of user who last modified the ACL or template. |
| Comment | Comments inserted by the creator or modifier of the ACL. |

After you start ACL Manager (refer to Chapter 3, "Getting Started"), you can use the following procedure to view the ACL definitions for a particular device.

Procedure

Step 1 Expand the device folder in the ACL Manager main window.

Step 2 Select ACL Definitions. The ACLs and their attributes are displayed in the right pane (see Figure 2-1).


Figure 2-1: Displaying ACL Definitions

Name, Number, and Type Attributes

Each ACL must be identified by a name or a number. A number used to identify an ACL must be within a specified range of numbers that is valid for the ACL type (see the following table).

You have the option of letting the ACL Manager select a number for you (the Autonumber feature). If you select Autonumber, ACL Manager will use the first available number in the appropriate range to identify the ACL.

| ACL Type | Range |
| --- | --- |
| IP Standard | 1 to 99 (also 1300 to 1399 in IOS Releases 11.1(cc) and 12.0) |
| IP Extended | 100 to 199 (also 2000 to 2699 in IOS Releases 11.1(cc) and 12.0) |
| IPX Standard | 800 to 899 |
| IPX Extended | 900 to 999 |
| IPX Summary | 1000 to 1099 |
| Rate Limit MAC | 1 to 99 |
| Rate Limit Precedence | 100 to 199 |


Note: Named ACLs are not supported on some device IOS versions. In this case, the ACL name is shown with an autonumber appended to the name and enclosed in parentheses. For Rate Limit ACLs, ACL Manager distinguishes the ACL from a standard IP ACL by appending the string "rate-limit" to the number.
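
The range check and the Autonumber rule described above can be sketched as follows. This is an added example, not ACL Manager code: the function names and the `expanded_ranges` flag (set by the caller when the device runs a release that supports the second IP range) are assumptions, and `used` is assumed to hold only numbers already taken by ACLs of the same kind.

```python
# Number ranges copied from the table above. For the IP types, the second
# range applies only on IOS releases that support it (see the table).
RANGES = {
    "IP Standard": [(1, 99), (1300, 1399)],
    "IP Extended": [(100, 199), (2000, 2699)],
    "IPX Standard": [(800, 899)],
    "IPX Extended": [(900, 999)],
    "IPX Summary": [(1000, 1099)],
    "Rate Limit MAC": [(1, 99)],
    "Rate Limit Precedence": [(100, 199)],
}


def valid_ranges(acl_type, expanded_ranges=False):
    """Return the number ranges that are valid for acl_type on this device."""
    ranges = RANGES[acl_type]
    return ranges if expanded_ranges else ranges[:1]


def is_valid_number(acl_type, number, expanded_ranges=False):
    """True if number may identify an ACL of acl_type."""
    return any(lo <= number <= hi
               for lo, hi in valid_ranges(acl_type, expanded_ranges))


def autonumber(acl_type, used, expanded_ranges=False):
    """Return the first available number in the type's range, or None.

    Rate Limit numbers overlap the IP ranges in value, so `used` must
    contain only the numbers taken by ACLs of the same kind.
    """
    for lo, hi in valid_ranges(acl_type, expanded_ranges):
        for number in range(lo, hi + 1):
            if number not in used:
                return number
    return None  # every number in the valid range is already in use
```
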

Creation Date Attribute

The creation date is inserted automatically when you create an ACL.

Created By Attribute

Your login name (for example, admin) is inserted automatically when you create an ACL.

Modification Date Attribute

The modification date is inserted automatically when you modify an ACL.

When you first create an ACL, the modification date is the same as the creation date.

Last Modified By Attribute

Your login name is inserted automatically when you modify an ACL.

Comment Attribute

You can insert comments when creating or modifying an ACL.

ACL Properties (Use Details)

Certain elements in ACL Manager, such as routers, ACLs, and router interfaces, have associated properties. For an ACL, the properties that you see are actually its use details, as shown in the following table:

| Property | Description |
| --- | --- |
| ACL Uses | The uses defined for the ACL. |
| Use Context | The context for the use. |
| IOS Command | The IOS command that implements the use. For packet filtering, this has the form `ip access-group 101 in`. For line access, this has the form `access-class 101 in`. |
| Description | A description of the use, taken from the IOS reference manual. You cannot change this description. |

After you start ACL Manager (refer to Chapter 3, "Getting Started"), use the following procedure to view the ACL properties for a particular device.

Procedure

Step 1 Expand the folder for the device, then expand ACL Definitions.

Step 2 Right-click the required ACL, then select Properties. The ACL Properties window is displayed (see Figure 2-2).


Figure 2-2: ACL Properties Window - Supported ACL Uses

Unsupported ACL uses are shown as "OTHER" (see Figure 2-3).


Figure 2-3: ACL Properties Window - Unsupported ACL Uses

ACL Uses

You can define ACL use for either line access or packet filtering.

ACL uses in other configuration modes, such as global, router, route-map, and crypto-map, can be viewed using ACL Manager. Although you cannot create uses in these modes, if you rename an ACL that is referenced in one of these modes, the use statement is updated with the new ACL name.

Use Modes and Contexts

ACL Manager detects the use modes for ACLs in a selected router. Depending on which uses ACL Manager detects, the following modes can appear when you select ACL Uses in the left pane:

These modes correspond to router configuration modes in IOS. Except for global configuration mode, all use modes can have one or more use contexts associated with them. Use contexts for the line and interface modes are the actual vtys or lines and interfaces that exist on the router.

Use the following procedure to view ACL use information for a particular device.

Procedure

Step 1 Expand the device folder in the ACL Manager main window, then expand ACL Uses.

Step 2 Expand the mode (for example, Interface).

Step 3 Select the specific context to be displayed (for example, Ethernet0). Information about the ACL use is then displayed in the right pane (see Figure 2-4).


Figure 2-4: Displaying ACL Use Mode - Interface

The following ACL use information is displayed:

| Attribute | Description |
| --- | --- |
| ACLs | The ACL used in this context. |
| IOS Command | The IOS command that implements the use. |
| Description | A description of the use, taken from the IOS reference manual. You cannot change this description. |
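
The mode and context view described in this section can be reproduced from a saved configuration for audit purposes. The following is an added example, not ACL Manager code: it handles only numbered ACLs and the two use commands shown on this page, the sample configuration is constructed, and the function names are assumptions. Uses in the other modes (global, router, route-map, crypto-map) are not parsed, so an ACL reported as unused may still be referenced there.

```python
import re

# Constructed sample of an IOS configuration (not from the page).
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 101 permit tcp any host 198.51.100.10 eq 443
access-list 150 permit ip any any
!
interface Ethernet0
 ip access-group 101 in
!
interface Serial0
 ip access-group 120 out
!
line vty 0 4
 access-class 10 in
"""

# The two use commands the page shows: packet filtering and line access.
USE_RE = re.compile(r"^(ip access-group|access-class) (\S+) (in|out)$")

def find_acl_uses(config):
    """Return (defined numbered ACLs, uses); a use is (mode, context, acl, command)."""
    defined, uses, mode, context = set(), [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line ends the previous mode
            mode = context = None
            if line.startswith("interface "):
                mode, context = "Interface", line.split(None, 1)[1]
            elif line.startswith("line "):
                mode, context = "Line", line.split(None, 1)[1]
            elif line.startswith("access-list "):
                defined.add(line.split()[1])
        else:
            m = USE_RE.match(line)
            if m and mode:
                uses.append((mode, context, m.group(2), line))
    return defined, uses

def audit(config):
    """Return (ACLs used but not defined, ACLs with no interface or line use)."""
    defined, uses = find_acl_uses(config)
    used = {acl for _, _, acl, _ in uses}
    return sorted(used - defined), sorted(defined - used)
```

On the sample, `audit(SAMPLE_CONFIG)` reports ACL 120 as applied on Serial0 without a definition and ACL 150 as defined without an interface or line use.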


Posted: Fri Sep 29 08:27:46 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.