10-40
IPv4 Access Control Lists (ACLs)
Configuring and Assigning an IPv4 ACL
CIDR Notation. For information on using CIDR notation to specify ACL
masks, refer to “Using CIDR Notation To Enter the IPv4 ACL Mask” on page
10-49.
Configuring and Assigning an IPv4 ACL
Overview
General Steps for Implementing ACLs
1. Configure one or more ACLs. This creates and stores the ACL(s) in the
switch configuration.
2. Assign an ACL. This step uses one of the following applications to assign
the ACL to an interface:
• RACL (routed IPv4 traffic entering or leaving the switch on a given
VLAN)
• VACL (any IPv4 traffic entering the switch on a given VLAN)
• Static Port ACL (any IPv4 traffic entering the switch on a given port,
port list, or static trunk)
3. If the ACL is applied as an RACL, enable IPv4 routing. Except for instances
where the switch is the traffic source or destination, assigned RACLs filter
IPv4 traffic only when routing is enabled on the switch.
Caution Regarding
the Use of IPv4
Source Routing
IPv4 source routing is enabled by default on the switch and can be used to
override ACLs. For this reason, if you are using ACLs to enhance network
security, the recommended action is to disable source routing on the switch.
To do so, execute no ip source-route.
ACL Feature Page
Configuring and Assigning a Standard ACL 10-50
Configuring and Assigning an Extended ACL 10-59
Enabling or Disabling ACL Filtering 10-81
To Next Page
Loading...
