ACLs
164
Managed Switches
IP ACLs
IP ACLs classify for Layer 3. Each ACL is a set of up to 10 rules applied to inbound traffic.
Each rule specifies whether the contents of a given field should be used to permit or deny
access to the network, and can apply to one or more of the following fields within a packet:
• Source IP address
• Destination IP address
• Source Layer 4 port
• Destination Layer 4 port
• ToS byte
• Protocol number
Note that the order of the rules is important: When a packet matches multiple rules, the first
rule takes precedence. Also, once you define an ACL for a given port, all traffic not
specifically permitted by the ACL is denied access.
ACL Configuration
To configure ACLs:
1. Create an ACL by specifying a name (MAC ACL or named IP ACL) or a number (IP
ACL).
2. Add new rules to the ACL.
3. Configure the match criteria for the rules.
4. Apply the ACL to one or more interfaces.
Set Up an IP ACL with Two Rules
This section shows you how to set up an IP ACL with two rules, one applicable to TCP traffic
and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will
be accepted by the switch only if the source and destination stations have IP addresses
within the defined sets.
To Next Page
Loading...
