Chapter 30 Configuring Network Security With Acls; Understanding Acls - Cisco IE 3000 Software Configuration Manual
Hide thumbs
Also See for IE 3000:
- Hardware installation manual (186 pages) ,
- Getting started manual (32 pages) ,
- Software configuration manual (874 pages)
Table of Contents
Advertisement
Configuring Network Security with ACLs
This chapter describes how to configure network security on the IE 3000 switch by using access control
lists (ACLs), which in commands and tables are also referred to as access lists.
Information in this chapter about IP ACLs is specific to IP Version 4 (IPv4).
Note
For complete syntax and usage information for the commands used in this chapter, see the command
reference for this release, the "Configuring IP Services" section in the "IP Addressing and Services"
chapter of the Cisco IOS IP Configuration Guide, Release 12.2, and the Cisco IOS IP Command
Reference, Volume 1 of 3: Addressing and Services, Release 12.2. The Cisco IOS documentation is
available from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline >
Configuration Guides or Command References.
This chapter consists of these sections:
•
•
•
•
Understanding ACLs
Packet filtering can help limit network traffic and restrict network use by certain users or devices. ACLs
filter traffic as it passes through a switch and permit or deny packets crossing specified interfaces. An
ACL is a sequential collection of permit and deny conditions that apply to packets. When a packet is
received on an interface, the switch compares the fields in the packet against any applied ACLs to verify
that the packet has the required permissions to be forwarded, based on the criteria specified in the access
lists. One by one, it tests packets against the conditions in an access list. The first match decides whether
the switch accepts or rejects the packets. Because the switch stops testing after the first match, the order
of conditions in the list is critical. If no conditions match, the switch rejects the packet. If there are no
restrictions, the switch forwards the packet; otherwise, the switch drops the packet. The switch can use
ACLs on all packets it forwards.
You configure access lists on a switch to provide basic security for your network. If you do not configure
ACLs, all packets passing through the switch could be allowed onto all parts of the network. You can use
ACLs to control which hosts can access different parts of a network or to decide which types of traffic
are forwarded or blocked. For example, you can allow e-mail traffic to be forwarded but not Telnet
traffic.
OL-13018-01
Understanding ACLs, page 30-1
Configuring IPv4 ACLs, page 30-4
Creating Named MAC Extended ACLs, page 30-19
Displaying IPv4 ACL Configuration, page 30-22
C H A P T E R
Cisco IE 3000 Switch Software Configuration Guide
30
30-1
Advertisement
Chapters
Table of Contents
Troubleshooting
