12-6
Catalyst 2950 Desktop Switch Software Configuration Guide
78-11380-03
Chapter12 Configuring Network Security with ACLs
Configuring ACLs
Table 12-1 lists a summary of the ACL restrictions on Catalyst 2950 switches.
Configuring ACLs
Note You can configure ACLs only if your switch is running the enhanced software image.
Configuring ACLs on Layer 2 or Layer 3 management VLAN interfaces is the same as configuring ACLs
on Cisco routers. The process is briefly described here. For more detailed information on configuring
router ACLs, refer to the “Configuring IP Services” chapter in the Cisco IP and IP Routing
Configuration Guide for IOS Release 12.1. For detailed information about the commands, refer to Cisco
IOS IP and IP Routing Command Reference for IOS Release 12.1. For a list of IOS features not supported
on the Catalyst 2950 switch, see the “Unsupported Features” sectiononpage12-6.
Unsupported Features
The Catalyst 2950 switch does not support these IOS router ACL-related features:
• Non-IP protocol ACLs (see Table 12-2 on page 12-7).
• Bridge-group ACLs.
• IP accounting.
• No ACL support on the outbound direction.
• Inbound and outbound rate limiting (except with QoS ACLs).
• IP packets with a header length of less than five are not be access-controlled.
• Reflexive ACLs.
• Dynamic ACLs (except for certain specialized dynamic ACLs used by the switch clustering feature.
• ICMP-based filtering.
• IGMP-based filtering.
Table 12-1 Summary of ACL Restrictions
Restriction Number Permitted
Number of user-defined masks allowed in an ACL 1
Number of ACLs allowed on an interface 1
Total number of user-defined masks for security
andQoSallowedonaswitch
4
To Next Page
Loading...
