Access Control List Types And Uses; Access Control List Type Overview; Controlling Network Access For Ip Traffic (Extended); Chapter 10 Controlling Network Access With Access Control Lists - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Access Control List Overview

Access Control List Types and Uses

This section includes the following topics:

- Access Control List Type Overview
- Controlling Network Access for IP Traffic (Extended)
- Identifying Traffic for AAA rules (Extended)
- Controlling Network Access for IP Traffic for a Given User (Extended)
- Identifying Addresses for Policy NAT and NAT Exemption (Extended)
- VPN Management Access (Extended)
- Controlling Network Access for Non-IP Traffic (EtherType)
- Redistributing OSPF Routes (Standard)

Access Control List Type Overview

Table 10-1 lists the types of ACLs you can create and how you can use them.

Table 10-1 Access Control List Types and Uses

| ACL Use | ACL Type | For more information... |
|---|---|---|
| Control network access for IP traffic | Extended | See the "Controlling Network Access for IP Traffic (Extended)" section on page 10-2. |
| Identify traffic for AAA rules | Extended | See the "Identifying Traffic for AAA rules (Extended)" section on page 10-3. |
| Control network access for IP traffic for a given user | Extended, downloaded from a AAA server per user | See the "Controlling Network Access for IP Traffic for a Given User (Extended)" section on page 10-4. |
| Identify addresses for NAT (policy NAT and NAT exemption) | Extended | See the "Identifying Addresses for Policy NAT and NAT Exemption (Extended)" section on page 10-4. |
| Establish VPN management access | Extended | See the "VPN Management Access (Extended)" section on page 10-5. |
| For transparent firewall mode, control network access for non-IP traffic | EtherType | See the "Controlling Network Access for Non-IP Traffic (EtherType)" section on page 10-5. |
| Identify OSPF route redistribution | Standard | See the "Redistributing OSPF Routes (Standard)" section on page 10-6. |

Controlling Network Access for IP Traffic (Extended)

Extended ACLs control connections based on source address, destination address, protocol, or port. The FWSM does not allow any traffic through unless it is explicitly permitted by an extended ACL. This rule is true for both routed firewall mode and transparent firewall mode.

For TCP and UDP connections, you do not need an ACL to allow returning traffic, because the FWSM allows all returning traffic for established connections. See the "Stateful Inspection Feature" section on page 1-5 for more information. For connectionless protocols such as ICMP, however, you either need

Chapter 10, Controlling Network Access with Access Control Lists
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01
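
The extended-ACL behaviour described above (nothing passes unless explicitly permitted, and returning TCP/UDP traffic needs no entry of its own) can be modelled in a few lines of Python. This is an added example, not Cisco code or FWSM configuration. The interface names, addresses and rules are constructed, first-match ordering and stateless handling of ICMP are modelling assumptions, and `ToyFirewall` is a hypothetical name.

```python
from ipaddress import ip_address, ip_network

# Constructed rule sets, one extended ACL per ingress interface (hypothetical names).
# Each entry: (action, protocol, source net, destination net, destination port or None).
ACLS = {
    "inside": [
        ("permit", "tcp", "10.1.1.0/24", "0.0.0.0/0", 80),
        ("permit", "icmp", "10.1.1.0/24", "0.0.0.0/0", None),
    ],
    "outside": [],  # no entries: nothing arriving here is explicitly permitted
}

class ToyFirewall:
    """Simplified model: ordered ACL lookup plus a TCP/UDP connection table."""

    def __init__(self, acls):
        self.acls = {ifc: [(a, p, ip_network(s), ip_network(d), port)
                           for a, p, s, d, port in rules]
                     for ifc, rules in acls.items()}
        self.connections = set()  # state is kept for TCP and UDP only

    def acl_permits(self, ifc, proto, src, dst, dport):
        for action, p, snet, dnet, port in self.acls[ifc]:  # first match decides
            if (p == proto and ip_address(src) in snet
                    and ip_address(dst) in dnet and port in (None, dport)):
                return action == "permit"
        return False  # no entry matched, so the packet is dropped

    def forward(self, ifc, proto, src, sport, dst, dport):
        """Return True if a packet arriving on interface ifc is passed."""
        if proto in ("tcp", "udp"):
            if (proto, dst, dport, src, sport) in self.connections:
                return True  # returning traffic for an established connection
            if self.acl_permits(ifc, proto, src, dst, dport):
                self.connections.add((proto, src, sport, dst, dport))
                return True
            return False
        # Assumption: ICMP keeps no state here, so each direction needs its own permit.
        return self.acl_permits(ifc, proto, src, dst, dport)

def demo():
    fw = ToyFirewall(ACLS)
    return [
        fw.forward("inside", "tcp", "10.1.1.5", 40000, "198.51.100.7", 80),    # permitted by ACL
        fw.forward("outside", "tcp", "198.51.100.7", 80, "10.1.1.5", 40000),   # returning traffic
        fw.forward("outside", "tcp", "198.51.100.7", 80, "10.1.1.5", 40001),   # unsolicited
        fw.forward("inside", "tcp", "10.1.1.5", 40002, "198.51.100.7", 443),   # no permit entry
        fw.forward("inside", "icmp", "10.1.1.5", None, "198.51.100.7", None),  # echo leaves
        fw.forward("outside", "icmp", "198.51.100.7", None, "10.1.1.5", None), # reply dropped
    ]
```

In the model the ICMP reply is dropped because the outside ACL has no matching permit entry, while the TCP reply passes on connection state alone.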


This manual is also suitable for:

7600 series
