Cisco 7609 - Chapter 23 Configuring Network Security; ACL Configuration Guidelines

To Next Page

To Previous Page

CHAPTER

23-1

Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E

78-14064-04

Configuring Network Security

This chapter contains network security information unique to the Cisco 7600 series routers, which

supplements the network security information and procedures in these publications:

• Cisco IOS Security Configuration Guide, Release 12.1, at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/index.htm

• Cisco IOS Security Command Reference, Release 12.1, at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/index.htm

This chapter consists of these sections:

• ACL Configuration Guidelines, page 23-1

• Hardware and Software ACL Support, page 23-2

• Guidelines and Restrictions for Using Layer 4 Operators in ACLs, page 23-3

• Configuring the Cisco IOS Firewall Feature Set, page 23-4

• Configuring MAC Address-Based Traffic Blocking, page 23-7

• Configuring VLAN ACLs, page 23-8

• Configuring TCP Intercept, page 23-18

• Configuring Unicast Reverse Path Forwarding, page 23-19

• Configuring Unicast Flood Protection, page 23-21

• Configuring MAC Move Notification, page 23-22

Note With Releases 12.1(11b)E and later releases, when you are in configuration mode you can enter EXEC

mode-level commands by entering the do keyword before the EXEC mode-level command.

ACL Configuration Guidelines

The following guidelines apply to ACL configurations:

• Each type of ACL (IP, IPX, and MAC) filters only traffic of the corresponding type. A MAC ACL

never matches IP or IPX traffic.

• By default, the MSFC sends Internet Control Message Protocol (ICMP) unreachable messages when

a packet is denied by an access group.

Other manuals for Cisco 7609