In computer networking, an access control list (ACL) can refer to a strictly ordered list of rules applied to port numbers or IP addresses available on a host or other network. An ACL may be implemented on networking devices, such as routers and switches, to filter traffic and provide network security. For instance, an ACL may include rules that specify certain network hosts or addresses that a switch should permit or deny access to a network.
An ACL rule may be divided into a condition and an action. That is, if a certain condition is satisfied, then the networking device performs the corresponding action. For example, a rule may specify, as a condition, receiving an incoming frame from a certain IP address. The rule specifies, as a corresponding action, to discard the frame. Typically, networking devices configured with ACLs execute an action associated with the first matching rule in the list.
An ACL may be implemented in a networking device using ternary content addressable memory (TCAM). TCAM is a type of computer memory that allows for high speed searching in the ACL. A networking device may store rule conditions in a TCAM table and rule actions in an addressable array structure, such as a static random-access memory (SRAM) table. When the device matches a condition in the TCAM, the TCAM provides a memory address of the corresponding action in the SRAM.