Configuring Network Security With Acls; Understanding Acls - Cisco Catalyst 2975 Software Configuration Manual
Ios release 12.2(55)se
Hide thumbs
Also See for Catalyst 2975:
- Hardware installation manual (62 pages) ,
- Brochure (19 pages) ,
- Getting started manual (17 pages)
Table of Contents
Advertisement
Configuring Network Security with ACLs
This chapter describes how to configure network security on the Catalyst 2975 switch by using access
control lists (ACLs), also referred to as access lists. Unless otherwise noted, the term switch refers to a
standalone switch and a switch stack.
In this chapter, references to IP ACLs are specific to IP Version 4 (IPv4) ACLs.
For complete syntax and usage information for the commands used in this chapter, see the command
reference for this release, the "Configuring IP Services" section in the "IP Addressing and Services"
chapter of the Cisco IOS IP Configuration Guide, Release 12.2, and the Cisco IOS IP Command
Reference, Volume 1 of 3: Addressing and Services, Release 12.2. The Cisco IOS documentation is
available from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline >
Configuration Guides or Command References.
•
•
•
•
Understanding ACLs
Packet filtering can help limit network traffic and restrict network use by certain users or devices. ACLs
filter traffic as it passes through a switch and permit or deny packets crossing specified interfaces. An
ACL is a sequential collection of permit and deny conditions that apply to packets. When a packet is
received on an interface, the switch compares the fields in the packet against any applied ACLs to verify
that the packet has the required permissions to be forwarded, based on the criteria specified in the access
lists. One by one, it tests packets against the conditions in an access list. The first match decides whether
the switch accepts or rejects the packets. Because the switch stops testing after the first match, the order
of conditions in the list is critical. If no conditions match, the switch rejects the packet. If there are no
restrictions, the switch forwards the packet; otherwise, the switch drops the packet. The switch can use
ACLs on all packets it forwards.
You configure access lists on a switch to provide basic security for your network. If you do not configure
ACLs, all packets passing through the switch could be allowed onto all parts of the network. You can use
ACLs to control which hosts can access different parts of a network or to decide which types of traffic
are forwarded or blocked. For example, you can allow e-mail traffic to be forwarded but not Telnet
traffic.
OL-19720-02
Understanding ACLs, page 31-1
Configuring IPv4 ACLs, page 31-6
Creating Named MAC Extended ACLs, page 31-22
Displaying IPv4 ACL Configuration, page 31-25
C H A P T E R
Catalyst 2975 Switch Software Configuration Guide
31
31-1
- Quick Links:
- Management Options
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
