31-8
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-07
Chapter 31 Configuring Network Security with ACLs
Configuring IPv4 ACLs
IPv4 Access List Numbers
The number you use to denote your IPv4 ACL shows the type of access list that you are creating.
Table 31-1 lists the access-list number and corresponding access list type and shows whether or not they
are supported in the switch. The switch supports IPv4 standard and extended access lists, numbers 1
to
199 and 1300 to 2699.
Note In addition to numbered standard and extended IPv4 ACLs, you can also create standard and extended
named IPv4 ACLs by using the supported numbers. That is, the name of a standard IP ACL can be 1 to
99; the name of an extended IP ACL can be 100 to 199. The advantage of using named ACLs instead of
numbered lists is that you can delete individual entries from a named list.
ACL Logging
The switch software can provide logging messages about packets permitted or denied by a standard IP
access list. That is, any packet that matches the ACL causes an informational logging message about the
packet to be sent to the console. The level of messages logged to the console is controlled by the logging
console commands controlling the syslog messages.
Note Because routing is done in hardware and logging is done in software, if a large number of packets match
a permit or deny ACE containing a log keyword, the software might not be able to match the hardware
processing rate, and not all packets will be logged.
Ta b l e 31-1 Access List Numbers
Access List Number Type Supported
1–99 IP standard access list Yes
100–199 IP extended access list Yes
200–299 Protocol type-code access list No
300–399 DECnet access list No
400–499 XNS standard access list No
500–599 XNS extended access list No
600–699 AppleTalk access list No
700–799 48-bit MAC address access list No
800–899 IPX standard access list No
900–999 IPX extended access list No
1000–1099 IPX SAP access list No
1100–1199 Extended 48-bit MAC address access list No
1200–1299 IPX summary address access list No
1300–1999 IP standard access list (expanded range) Yes
2000–2699 IP extended access list (expanded range) Yes
To Next Page
Loading...
Need help?
General
