Standard and Extended IPv4 ACLs
This section describes IP ACLs.
An ACL is a sequential collection of permit and deny conditions. One by one, the switch tests packets against
the conditions in an access list. The first match determines whether the switch accepts or rejects the packet.
Because the switch stops testing after the first match, the order of the conditions is critical. If no conditions
match, the switch denies the packet.
The software supports these types of ACLs or access lists for IPv4:
•
Standard IP access lists use source addresses for matching operations.
•
Extended IP access lists use source and destination addresses for matching operations and optional
protocol-type information for finer granularity of control.
IPv4 ACL Switch Unsupported Features
Configuring IPv4 ACLs on the switch is the same as configuring IPv4 ACLs on other Cisco switches and
routers.
The switch does not support these Cisco IOS router ACL-related features:
•
Non-IP protocol ACLs
•
IP accounting
•
Reflexive ACLs and dynamic ACLs are not supported.
•
ACL logging for port ACLs and VLAN maps
Access List Numbers
The number you use to denote your ACL shows the type of access list that you are creating.
This lists the access-list number and corresponding access list type and shows whether or not they are supported
in the switch. The switch supports IPv4 standard and extended access lists, numbers 1 to 199 and 1300 to
2699.
Table 14: Access List Numbers
SupportedTypeAccess List Number
YesIP standard access list
1–99
YesIP extended access list
100–199
NoProtocol type-code access list
200–299
NoDECnet access list
300–399
NoXNS standard access list
400–499
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
OL-29434-01 113
Configuring IPv4 ACLs
Standard and Extended IPv4 ACLs
To Next Page
Loading...
