Chapter 23 Configuring Network Security With Acls; Understanding Acls - Cisco Catalyst 2950 Software Configuration Manual
Hide thumbs
Also See for Catalyst 2950:
- Configuration manual (710 pages) ,
- Command reference manual (686 pages) ,
- Software configuration manual (674 pages)
Table of Contents
Advertisement
Configuring
This chapter describes how to configure network security on your switch by using access control lists
(ACLs), which are also referred to in commands and tables as access lists.
To use the features described in this chapter, you must have the enhanced software image installed on
your switch.
For complete syntax and usage information for the commands used in this chapter, refer to the
Note
Catalyst 2950 Desktop Switch Command Reference for this release and the "Configuring IP Services"
section of Cisco IOS IP and IP Routing Configuration Guide and the Command Reference for IOS
Release 12.1.
You can configure network security by using ACLs by either using the Cluster Management Suite (CMS)
or through the command-line interface (CLI). Refer to the CMS online help for step-by-step
configuration procedures through CMS. For information about accessing and using CMS, see
"Getting Started with CMS."
You can also use the security wizard to filter inbound traffic on the Catalyst 2950 switches. Filtering can
be based on network addresses or TCP/UDP applications. You can choose whether to drop or forward
packets that meet the filtering criteria. To use this wizard, you must know how the network is designed
and how interfaces are used on the filtering device. Refer to the security wizard online help for
step-by-step configuration procedures on using this wizard.
This chapter consists of these sections:
•
•
Understanding ACLs
Packet filtering can limit network traffic and restrict network use by certain users or devices. ACLs can
filter traffic as it passes through a switch and permit or deny packets from crossing specified interfaces.
An ACL is a sequential collection of permit and deny conditions that apply to packets. When a packet is
received on an interface, the switch compares the fields in the packet against any applied ACLs to verify
that the packet has the required permissions to be forwarded, based on the criteria specified in the access
lists. The switch tests the packet against the conditions in an access list one by one. The first match
determines whether the switch accepts or rejects the packet. Because the switch stops testing conditions
78-11380-04
Network Security with ACLs
Understanding ACLs, page 23-1
Configuring ACLs, page 23-6
C H A P T E R
Catalyst 2950 Desktop Switch Software Configuration Guide
23
Chapter 3,
23-1
Advertisement
Table of Contents
Troubleshooting
