EasyManuals Logo

Cisco Catalyst 6500 Series User Manual

Cisco Catalyst 6500 Series
392 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #182 background imageLoading...
Page #182 background image
10-2
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
Chapter 10 Controlling Network Access with Access Control Lists
Access Control List Overview
Access Control List Types and Uses
This section includes the following topics:
Access Control List Type Overview, page 10-2
Controlling Network Access for IP Traffic (Extended), page 10-2
Identifying Traffic for AAA rules (Extended), page 10-3
Controlling Network Access for IP Traffic for a Given User (Extended), page 10-4
Identifying Addresses for Policy NAT and NAT Exemption (Extended), page 10-4
VPN Management Access (Extended), page 10-5
Controlling Network Access for Non-IP Traffic (EtherType), page 10-5
Redistributing OSPF Routes (Standard), page 10-6
Access Control List Type Overview
Table 10-1 lists the types of ACLs you can create and how you can use them.
Controlling Network Access for IP Traffic (Extended)
Extended ACLs control connections based on source address, destination address, protocol, or port. The
FWSM does not allow any traffic through unless it is explicitly permitted by an extended ACL. This rule
is true for both routed firewall mode and transparent firewall mode.
For TCP and UDP connections, you do not need an ACL to allow returning traffic, because the FWSM
allows all returning traffic for established connections. See the “Stateful Inspection Feature” section on
page 1-5 for more information. For connectionless protocols such as ICMP, however, you either need
Table 10-1 Access Control List Types and Uses
ACL Use ACL Type For more information...
Control network access for IP traffic Extended See the “Controlling Network Access for IP Traffic
(Extended)” section on page 10-2.
Identify traffic for AAA rules Extended See the “Identifying Traffic for AAA rules (Extended)”
section on page 10-3.
Control network access for IP traffic for a
given user
Extended,
downloaded from a
AAA server per user
See the “Controlling Network Access for IP Traffic for a
Given User (Extended)” section on page 10-4.
Identify addresses for NAT (policy NAT
and NAT exemption)
Extended See the “Identifying Addresses for Policy NAT and NAT
Exemption (Extended)” section on page 10-4.
Establish VPN management access Extended See the “VPN Management Access (Extended)” section
on page 10-5.
For transparent firewall mode, control
network access for non-IP traffic
EtherType See the “Controlling Network Access for Non-IP Traffic
(EtherType)” section on page 10-5.
Identify OSPF route redistribution Standard See the “Redistributing OSPF Routes (Standard)” section
on page 10-6.

Table of Contents

Other manuals for Cisco Catalyst 6500 Series

Preview: Command Reference
Command Reference160 pages
Preview: Installation Guide
Installation Guide194 pages
Preview: Configuration Note
Configuration Note212 pages
Preview: Installation Note
Installation Note36 pages
Preview: Hardware Installation Guide
Hardware Installation Guide134 pages
Preview: Troubleshooting
Troubleshooting10 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 6500 Series and is the answer not in the manual?

Cisco Catalyst 6500 Series Specifications

General IconGeneral
BrandCisco
ModelCatalyst 6500 Series
CategorySwitch
LanguageEnglish

Related product manuals