Access Control
Overview
398 Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
22
• For Layer 4 packets the SYSLOG includes the information (if applicable): source port,
destination port, and TCP flag.
The following are examples of possible SYSLOGs:
• For a non-IP packet:
- 06-Jun-2013 09:49:56 %3SWCOS-I-LOGDENYMAC: gi0/1: deny ACE
00:00:00:00:00:01 -> ff:ff:ff:ff:ff:ff, Ethertype-2054, VLAN-20, CoS-4, trapped
• For an IP packet (v4 and v6):
- 06-Jun-2013 12:38:53 %3SWCOS-I-LOGDENYINET: gi0/1: deny ACE
IPv4(255) 1.1.1.1 -> 1.1.1.10, protocol-1, DSCP-54, ICMP Type-Echo Reply,
ICMP code-5 , trapped
• For an L4 packet:
- 06-Jun-2013 09:53:46 %3SWCOS-I-LOGDENYINETPORTS: gi0/1: deny ACE
IPv4(TCP) 1.1.1.1(55) -> 1.1.1.10(66), trapped
Configuring ACLs
This section describes how to create ACLs and add rules (ACEs) to them.
Creating ACLs Workflow
To create ACLs and associate them with an interface, perform the following:
1. Create one or more of the following types of ACLs:
a. MAC-based ACL by using the MAC-Based ACL page and the MAC-based ACE page
b. IP-based ACL by using the IPv4-based ACL page and the IPv4-Based ACE page
c. IPv6-based ACL by using the IPv6-Based ACL page and the IPv6-Based ACE page
2. Associate the ACL with interfaces by using the ACL Binding (VLAN) or ACL Binding
(Port) page.
To Next Page
Loading...
Need help?
General
