xiii
RADIUS-Assigned (Dynamic) Port ACL Applications . . . . . . . . 10-17
Multiple ACLs on an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-19
Features Common to All ACL Applications . . . . . . . . . . . . . . . . . . . . 10-22
General Steps for Planning and Configuring ACLs . . . . . . . . . . . . . . 10-23
IPv4 Static ACL Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-25
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-25
The Packet-filtering Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-26
Planning an ACL Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-29
IPv4 Traffic Management and Improved Network Performance . . 10-29
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-31
Guidelines for Planning the Structure of a Static ACL . . . . . . . . . . . 10-31
IPv4 ACL Configuration and Operating Rules . . . . . . . . . . . . . . . . . . 10-32
How an ACE Uses a Mask To Screen Packets for Matches . . . . . . . 10-35
What Is the Difference Between Network (or Subnet)
Masks and the Masks Used with ACLs? . . . . . . . . . . . . . . . . . . . 10-35
Rules for Defining a Match Between a Packet and an
Access Control Entry (ACE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-36
Configuring and Assigning an IPv4 ACL . . . . . . . . . . . . . . . . . . . . . . 10-40
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-40
General Steps for Implementing ACLs . . . . . . . . . . . . . . . . . . . . 10-40
Options for Permit/Deny Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-41
ACL Configuration Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-41
Standard ACL Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-42
Extended ACL Configuration Structure . . . . . . . . . . . . . . . . . . . 10-43
ACL Configuration Factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-45
The Sequence of Entries in an ACL Is Significant . . . . . . . . . . . 10-45
Allowing for the Implied Deny Function . . . . . . . . . . . . . . . . . . . 10-47
A Configured ACL Has No Effect Until You Apply It
to an Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-47
You Can Assign an ACL Name or Number to an Interface
Even if the ACL Does Not Exist in the Switch’s Configuration 10-47
Using the CLI To Create an ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-48
General ACE Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-48
Using CIDR Notation To Enter the IPv4 ACL Mask . . . . . . . . . 10-49
To Next Page
Loading...
Need help?
General
