31-7
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-07
Chapter 31 Configuring Network Security with ACLs
Configuring IPv4 ACLs
These are the steps to use IP ACLs on the switch:
Step 1 Create an ACL by specifying an access list number or name and the access conditions.
Step 2 Apply the ACL to interfaces or terminal lines. You can also apply standard and extended IP ACLs to
VLAN maps.
These sections contain this configuration information:
• Creating Standard and Extended IPv4 ACLs, page 31-7
• Applying an IPv4 ACL to a Terminal Line, page 31-18
• Applying an IPv4 ACL to an Interface, page 31-19
• Hardware and Software Treatment of IP ACLs, page 31-20
• Troubleshooting ACLs, page 31-21
• IPv4 ACL Configuration Examples, page 31-22
Creating Standard and Extended IPv4 ACLs
This section describes IP ACLs. An ACL is a sequential collection of permit and deny conditions. One
by one, the switch tests packets against the conditions in an access list. The first match determines
whether the switch accepts or rejects the packet. Because the switch stops testing after the first match,
the order of the conditions is critical. If no conditions match, the switch denies the packet.
The software supports these types of ACLs or access lists for IPv4:
• Standard IP access lists use source addresses for matching operations.
• Extended IP access lists use source and destination addresses for matching operations and optional
protocol-type information for finer granularity of control.
These sections describe access lists and how to create them:
• IPv4 Access List Numbers, page 31-8
• ACL Logging, page 31-8
• Creating a Numbered Standard ACL, page 31-9
• Creating a Numbered Extended ACL, page 31-10
• Resequencing ACEs in an ACL, page 31-14
• Creating Named Standard and Extended ACLs, page 31-14
• Using Time Ranges with ACLs, page 31-16
• Including Comments in ACLs, page 31-18
To Next Page
Loading...
Need help?
General
