Creating Standard and Extended IP ACLs - Cisco Catalyst 3550 series Software Configuration Manual

Configuring IP ACLs

Creating Standard and Extended IP ACLs

This section summarizes how to create router IP ACLs. An ACL is a sequential collection of permit and
deny conditions. The switch tests packets against the conditions in an access list one by one. The first
match determines whether the switch accepts or rejects the packet. Because the switch stops testing
conditions after the first match, the order of the conditions is critical. If no conditions match, the switch
denies the packet.
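
The first-match and implicit-deny behaviour described above, as an added example that is not part of the Cisco guide: a small Python model of a numbered standard ACL that evaluates a source address and flags entries that an earlier, broader entry makes unreachable. The access-list lines, addresses and function names are constructed for illustration, and the model assumes all lines belong to one list numbered 1-99 using the IOS `any`, `host` and source/wildcard forms.

```python
import ipaddress

MASK = 0xFFFFFFFF

def parse_standard_acl(text):
    """Parse 'access-list N {permit|deny} {any | host A | A [wildcard]}' lines."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported line: {line!r}")
        if not 1 <= int(tok[1]) <= 99:
            raise ValueError(f"{tok[1]} is outside the standard range 1-99")
        src = tok[3:]
        if src == ["any"]:
            addr, wild = 0, MASK                      # every bit is "don't care"
        elif src[0] == "host":
            addr, wild = int(ipaddress.IPv4Address(src[1])), 0
        else:                                         # omitted wildcard means 0.0.0.0
            addr = int(ipaddress.IPv4Address(src[0]))
            wild = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
        entries.append((tok[2], addr, wild))
    return entries

def evaluate(entries, source_ip):
    """Return (action, index of deciding entry); index None is the implicit deny."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for i, (action, addr, wild) in enumerate(entries):
        if ((ip ^ addr) & ~wild & MASK) == 0:         # compare only the cared-about bits
            return action, i                          # first match ends the search
    return "deny", None

def shadowed(entries):
    """Indexes of entries that can never match: an earlier entry covers them."""
    dead = []
    for j, (_, addr_j, wild_j) in enumerate(entries):
        # Covered when each bit the earlier entry checks is fixed, to the same value, in this one.
        if any((wild_j & ~wild_i & MASK) == 0 and ((addr_i ^ addr_j) & ~wild_i & MASK) == 0
               for _, addr_i, wild_i in entries[:j]):
            dead.append(j)
    return dead

# Constructed sample lists: the same two conditions in both orders.
SPECIFIC_FIRST = "access-list 10 deny host 10.1.1.5\naccess-list 10 permit 10.1.1.0 0.0.0.255"
BROAD_FIRST = "access-list 10 permit 10.1.1.0 0.0.0.255\naccess-list 10 deny host 10.1.1.5"

if __name__ == "__main__":
    for text in (SPECIFIC_FIRST, BROAD_FIRST):
        acl = parse_standard_acl(text)
        print(evaluate(acl, "10.1.1.5"), evaluate(acl, "192.0.2.7"), shadowed(acl))
```

With the broad permit first, the host deny is never reached, so 10.1.1.5 is permitted and the deny entry is reported as shadowed; an address matching neither entry falls through to the implicit deny in both orders.
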
These are the steps to use IP ACLs:
Step 1  Create an ACL by specifying an access list number or name and access conditions.
Step 2  Apply the ACL to interfaces or terminal lines. You can also apply standard and extended IP ACLs to
        VLAN maps.
The software supports these styles of ACLs or access lists for IP:
- Standard IP access lists use source addresses for matching operations.
- Extended IP access lists use source and destination addresses for matching operations and optional
  protocol-type information for finer granularity of control.
These sections describe access lists and the steps for using them:
- Access List Numbers
- Creating a Numbered Standard ACL
- Creating a Numbered Extended ACL
- Creating Named Standard and Extended IP ACLs
- Using Time Ranges with ACLs
- Including Comments in ACLs

Access List Numbers

The number you use to denote your ACL shows the type of access list that you are creating. Table 28-1
lists the access-list number and corresponding access list type and shows whether or not they are
supported in the switch. The Catalyst 3550 switch supports IP standard and IP extended access lists,
numbers 1 to 199 and 1300 to 2699.

Table 28-1 Access List Numbers

Access List Number   Type                             Supported
1–99                 IP standard access list          Yes
100–199              IP extended access list          Yes
200–299              Protocol type-code access list   No
300–399              DECnet access list               No
400–499              XNS standard access list         No
500–599              XNS extended access list         No
600–699              AppleTalk access list            No

Catalyst 3550 Multilayer Switch Software Configuration Guide (78-11194-09), Chapter 28: Configuring Network Security with ACLs
