Functions Of An Access Control List - Cisco Catalyst 2960 series Configuration Manual

Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E
Information About Access Control Lists
An access list may be configured, but it does not take effect until the access list is either applied to an interface,
a virtual terminal line (vty), or referenced by some command that accepts an access list. Multiple commands
can reference the same access list.
The following configuration example shows how to create an extended IP access list named branchoffices. The ACL
is applied to serial interface 0 for incoming packets. Only sources on the networks specified by each source
address and wildcard-mask pair can reach the device through this interface; every other packet is dropped by the
implicit deny that ends each access list. Packets from sources on network 172.20.7.0 may go to any destination,
while packets from sources on network 172.29.2.0 must be destined for host 172.25.5.4.
ip access-list extended branchoffices
 10 permit 172.20.7.0 0.0.0.3 any
 20 permit 172.29.2.0 0.0.0.255 host 172.25.5.4
!
interface serial 0
 ip access-group branchoffices in
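To see how the device actually evaluates the branchoffices list (top-down, first match wins, implicit deny when nothing matches, and wildcard masks where a 1 bit means "don't care"), the following Python script is an added example that is not part of the Cisco guide. It parses the two ACE lines exactly as printed above (accepting an optional protocol keyword such as ip, which the page omits) and runs constructed source/destination pairs through the same matching rules; the function and variable names are this example's own.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # 'any' == every address is don't-care


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard-mask test: bits that are 0 in the wildcard must equal
    the base address; bits that are 1 are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def _parse_addr(tokens, i):
    """Consume one address spec starting at tokens[i]: 'any', 'host X',
    or 'X WILDCARD'. Returns ((base, wildcard), next_index)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def parse_ace(line: str):
    """Parse one access-list entry of the form
    '<seq> permit|deny [proto] <src> <dst>' into a dict (hypothetical subset
    of IOS syntax, enough for the entries on this page)."""
    tokens = line.split()
    seq, action = int(tokens[0]), tokens[1]
    i = 2
    proto = "ip"
    if tokens[i].isalpha() and tokens[i] not in ("any", "host"):
        proto, i = tokens[i], i + 1
    src, i = _parse_addr(tokens, i)
    dst, i = _parse_addr(tokens, i)
    return {"seq": seq, "action": action, "proto": proto, "src": src, "dst": dst}


def evaluate(acl, src: str, dst: str):
    """Return (action, seq) for the first matching entry, or ('deny', None)
    for the implicit deny that terminates every IOS access list."""
    for ace in acl:
        if wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"]):
            return ace["action"], ace["seq"]
    return "deny", None


# The two entries from the configuration above, copied verbatim.
BRANCHOFFICES = [
    parse_ace("10 permit 172.20.7.0 0.0.0.3 any"),
    parse_ace("20 permit 172.29.2.0 0.0.0.255 host 172.25.5.4"),
]


if __name__ == "__main__":
    # Constructed sample packets; the destinations are illustrative only.
    samples = [
        ("172.20.7.2", "10.1.1.1"),   # inside 172.20.7.0/30, any dst -> seq 10
        ("172.20.7.4", "10.1.1.1"),   # just outside the 0.0.0.3 wildcard -> implicit deny
        ("172.29.2.77", "172.25.5.4"),  # branch net to the permitted host -> seq 20
        ("172.29.2.77", "172.25.5.5"),  # same source, wrong destination -> implicit deny
    ]
    for s, d in samples:
        action, seq = evaluate(BRANCHOFFICES, s, d)
        print(f"{s:>12} -> {d:<12} {action:6} (seq {seq})")
```

Note that the 0.0.0.3 wildcard on entry 10 matches only 172.20.7.0 through 172.20.7.3; a host at 172.20.7.4 falls through both entries and is dropped, which is the behaviour the text describes as "no sources other than those on the networks specified".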

Functions of an Access Control List

There are many reasons to configure access lists; for example, to restrict contents of routing updates or to
provide traffic flow control. One of the most important reasons to configure access lists is to provide security
for your network, which is the focus of this module.
Use access lists to provide a basic level of security for accessing your network. If you do not configure access
lists on your device, all packets passing through the device are allowed access to all parts of your network.
Access lists can allow a host to access a part of your network and prevent another host from accessing the
same area. In the figure below, Host A is allowed to access the Human Resources network, but Host B is
prevented from accessing the Human Resources network.
You can also use access lists to define the type of traffic that is forwarded or blocked at device interfaces. For
example, you can permit e-mail traffic to be routed but at the same time block all Telnet traffic.
Purpose of IP Access Lists
Access lists perform packet filtering to control which packets move through the network and where. Such
control can help limit network traffic and restrict the access of users and devices to the network. Access lists
have many uses, and therefore many commands accept a reference to an access list in their command syntax.
Access lists can be used to do the following:
• Filter incoming packets on an interface.
• Filter outgoing packets on an interface.
• Restrict the contents of routing updates.
• Limit debug output based on an address or protocol.
• Control virtual terminal line access.
• Identify or classify traffic for advanced features, such as congestion avoidance, congestion management, and priority and custom queuing.
• Trigger dial-on-demand routing (DDR) calls.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1162
