Cisco Catalyst 2950 - Creating Standard and Extended IP Acls; ACL Numbers

12-7
Catalyst 2950 Desktop Switch Software Configuration Guide
78-11380-03
Chapter 12 Configuring Network Security with ACLs
Configuring ACLs
Creating Standard and Extended IP ACLs
This section describes how to create switch IP ACLs. An ACL is a sequential collection of permit and
deny conditions. The switch tests packets against the conditions in an access list one by one. The first
match determines whether the switch accepts or rejects the packet. Because the switch stops testing
conditions after the first match, the order of the conditions is critical. If no conditions match, the switch
denies the packet.
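The first-match rule and the default deny described above, modelled in Python as an added example (not from the Cisco guide). The `permit 10.1.1.0/24` notation, the addresses and the function names are constructed for illustration and are not IOS command syntax.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

class Ace(NamedTuple):
    """One access condition: an action plus the source network it matches."""
    action: str  # "permit" or "deny"
    source: ipaddress.IPv4Network

def parse(lines: List[str]) -> List[Ace]:
    """Parse 'permit 10.1.1.0/24' style lines (simplified notation, not IOS)."""
    acl = []
    for line in lines:
        action, net = line.split()
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        acl.append(Ace(action, ipaddress.IPv4Network(net)))
    return acl

def evaluate(acl: List[Ace], src: str) -> Tuple[str, Optional[int]]:
    """Return (verdict, index of the matching condition).

    Conditions are tested in order and testing stops at the first match.
    If nothing matches, the packet is denied and the index is None.
    """
    addr = ipaddress.IPv4Address(src)
    for i, ace in enumerate(acl):
        if addr in ace.source:
            return ace.action, i
    return "deny", None

def shadowed(acl: List[Ace]) -> List[int]:
    """Indexes of conditions that can never match because an earlier
    condition already covers every address they describe."""
    return [i for i, ace in enumerate(acl)
            if any(ace.source.subnet_of(prev.source) for prev in acl[:i])]

# Constructed sample lists: the same two conditions in opposite order.
BROAD_FIRST = parse(["permit 10.1.1.0/24", "deny 10.1.1.5/32"])
SPECIFIC_FIRST = parse(["deny 10.1.1.5/32", "permit 10.1.1.0/24"])

if __name__ == "__main__":
    for name, acl in (("broad first", BROAD_FIRST),
                      ("specific first", SPECIFIC_FIRST)):
        print(name, "- unreachable conditions:", shadowed(acl))
        for src in ("10.1.1.5", "10.1.1.9", "192.168.0.1"):
            print("  ", src, evaluate(acl, src))
```

With the broad permit listed first, the host-specific deny is never reached, which is the kind of ordering mistake `shadowed` flags when reviewing a list.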
Follow these steps to use ACLs:
Step 1 Create an ACL by specifying an access list number or name and access conditions.
Step 2 Apply the ACL to interfaces or terminal lines.
The software supports these styles of ACLs or IP access lists:
- Standard IP access lists use source addresses for matching operations.
- Extended IP access lists use source and destination addresses for matching operations and optional
  protocol-type information for finer granularity of control.
- MAC extended access lists use source and destination MAC addresses and optional protocol type
  information for matching operations.
The next sections describe access lists and the steps for using them.
ACL Numbers
The number you use to denote your ACL shows the type of access list that you are creating. Table 12-2
lists the access list number and corresponding type and shows whether or not they are supported by the
switch. The Catalyst 2950 switch supports IP standard and IP extended access lists, numbers 1 to 199
and 1300 to 2699.
Table 12-2 Access List Numbers

ACL Number   Type                                       Supported
1-99         IP standard access list                    Yes
100-199      IP extended access list                    Yes
200-299      Protocol type-code access list             No
300-399      DECnet access list                         No
400-499      XNS standard access list                   No
500-599      XNS extended access list                   No
600-699      AppleTalk access list                      No
700-799      48-bit MAC address access list             No
800-899      IPX standard access list                   No
900-999      IPX extended access list                   No
1000-1099    IPX SAP access list                        No
1100-1199    Extended 48-bit MAC address access list    No