A colleague and I were talking today and he made a really good point. When did Router ACLs, which we’ve always just called ACLs, become rACLs? I’ve personally noticed people using this term more and more, but I believe they are using the term incorrectly. I think this stems from the use of VLAN ACLs as vACLs, so naturally people decided to start calling ACLs on a router rACLs. But is that correct? Let’s take a look at the Cisco Documentation.
rACLs in Cisco Documentation
In this first document we notice the use of the term rACL.
This document provides information to help you understand the Access Control List (ACL) merge algorithms and the hardware resources used in Cisco Catalyst 6500 switches to enforce security and apply quality of service (QoS) using router ACLs (RACLs), VLAN ACLs (VACLs), and QoS ACLs.
The above link is referring to a router ACL as a rACL. This document is specific, though, to ACLs on a Catalyst 6500 Series switch, so the proper use of rACL is probably an afterthought. Below is another document that refers to ACLs on a router as rACLs.
It explains the ACL merge algorithms and the hardware resources used in Cisco Nexus 5000 Switches to enforce security and apply quality of service (QoS) using router ACLs (RACLs), VLAN ACLs (VACLs), and port ACLs (PACLs).
Again, this is a document that is specific to switches. But let’s turn our attention to that of a document for a Cisco Router, specifically the GSR.
This document describes a new security feature called receive access control lists (rACLs) and presents recommendations and guidelines for rACL deployments. Receive ACLs are used to increase security on Cisco 12000 routers by protecting the router’s gigabit route processor (GRP) from unnecessary and potentially nefarious traffic.
The above document clearly states that rACL is a feature on the router called a receive ACL. Receive ACLs are designed to protect the resources in a router. They are different from the many other ACLs that exist on a router, such as a Reflexive ACL (not called a rACL), a Dynamic ACL, a Crypto ACL, and so on.
What about a regular old ACL in router documentation? Well, the documentation for Cisco IOS 12.3 M&T doesn’t use the term rACL in the introduction document at all. Just go through the list and do a search for racl and count how many times the term comes up. Zero!
What about IOS-XR? Take a look at the access-list document there and again, no rACL.
I’m beginning to feel like I’m ranting. Oh, yeah, I am. It’s things like this that make it really hard for someone who’s learning Cisco Technologies to get it straight and keep it straight. But it doesn’t stop there. We have an ACE which is an Access Control Entry, or is it an Application Control Engine?
Could it be both?
Of course there are other examples of how the same acronym is used for multiple features. But I wonder if it’s just us as a people getting lazy and wanting to shorten what we are talking or writing about. Whether or not that’s the case is still TBD. It just makes me LOL. The bottom line is that an rACL is a type of ACL seen on a router, and a router ACL could be many types.