Chapter 24 Managing Network Security With ACLs; Understanding ACLs - Cisco Catalyst 2360 Software Configuration Manual

IOS 12.2(53)EY
Managing Network Security with ACLs
This chapter describes how to manage network security on your switch.

For complete syntax and usage information for the commands used in this chapter, see the command reference for this release, the "Configuring IP Services" section in the "IP Addressing and Services" chapter of the Cisco IOS IP Configuration Guide, Release 12.2, and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.

This chapter consists of these sections:

Understanding ACLs, page 24-1
Configuring IPv4 ACLs, page 24-3
Displaying IPv4 ACL Configuration, page 24-16

Understanding ACLs

Note: On the Catalyst 2360 switch, security ACLs are applied to only the management VLAN.

Packet filtering can help limit network traffic and restrict network use by certain users or devices. ACLs filter traffic as it passes through a router or switch and permit or deny packets crossing specified interfaces or VLANs. An ACL is a sequential collection of permit and deny conditions that apply to packets. When a packet is received on an interface, the switch compares the fields in the packet against any applied ACLs to verify that the packet has the required permissions to be forwarded, based on the criteria specified in the access lists. One by one, it tests packets against the conditions in an access list. The first match decides whether the switch accepts or rejects the packets. Because the switch stops testing after the first match, the order of conditions in the list is critical. If no conditions match, the switch rejects the packet. If there are no restrictions, the switch forwards the packet; otherwise, the switch drops the packet. The switch can use ACLs on all packets it forwards, including packets bridged within a VLAN.

You configure access lists to provide basic security for your network. If you do not configure ACLs, all packets passing through the switch could be allowed onto all parts of the network. You can use ACLs to control which hosts can access different parts of a network or to decide which types of traffic are forwarded or blocked at interfaces. For example, you can allow e-mail traffic to be forwarded but not Telnet traffic.

An ACL contains an ordered list of access control entries (ACEs). Each ACE specifies permit or deny and a set of conditions the packet must satisfy in order to match the ACE. The meaning of permit or deny depends on the context in which the ACL is used.

Catalyst 2360 Switch Software Configuration Guide, OL-19808-01, Chapter 24, page 24-1
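The first-match evaluation, order sensitivity and implicit deny described in the Understanding ACLs section above, as an added Python model that is not code from the Cisco guide; the ACE fields, the 10.1.1.0/24 subnet, the ACEs and the packets are constructed for illustration, and the Telnet/SMTP pair mirrors the chapter's e-mail-but-not-Telnet example.

```python
# Added example (not from the Cisco guide): IOS-style ACL evaluation model.
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

@dataclass(frozen=True)
class ACE:
    action: str               # "permit" or "deny"
    proto: str                # "ip" (any protocol), "tcp" or "udp"
    src: str                  # source network address, e.g. "10.1.1.0"
    src_wild: str             # Cisco wildcard mask; a 0 bit means "must match"
    dst_port: Optional[int] = None  # destination port, None = any

def wildcard_match(addr: str, base: str, wild: str) -> bool:
    """Compare addr with base on the bits the wildcard mask leaves as 0."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wild))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def ace_matches(ace: ACE, pkt: dict) -> bool:
    """An ACE matches only when every one of its conditions holds."""
    if ace.proto != "ip" and ace.proto != pkt["proto"]:
        return False
    if not wildcard_match(pkt["src"], ace.src, ace.src_wild):
        return False
    return ace.dst_port is None or ace.dst_port == pkt["dst_port"]

def evaluate(acl: list, pkt: dict):
    """Test ACEs in order; the first match decides. No match = implicit deny."""
    for index, ace in enumerate(acl, start=1):
        if ace_matches(ace, pkt):
            return ace.action, index
    return "deny", None      # the implicit deny at the end of every ACL

# Constructed sample ACL for hosts in 10.1.1.0/24: permit e-mail (SMTP, tcp/25),
# deny Telnet (tcp/23), then permit everything else from that subnet.
ACL_ORDERED = [
    ACE("permit", "tcp", "10.1.1.0", "0.0.0.255", 25),
    ACE("deny",   "tcp", "10.1.1.0", "0.0.0.255", 23),
    ACE("permit", "ip",  "10.1.1.0", "0.0.0.255"),
]
# Same three ACEs with the broad permit first: the Telnet deny is never reached.
ACL_MISORDERED = [ACL_ORDERED[2], ACL_ORDERED[0], ACL_ORDERED[1]]
TELNET = {"proto": "tcp", "src": "10.1.1.7", "dst_port": 23}   # constructed
OUTSIDE = {"proto": "tcp", "src": "192.0.2.9", "dst_port": 25}  # not in subnet

if __name__ == "__main__":
    print("ordered, telnet:", evaluate(ACL_ORDERED, TELNET))        # ('deny', 2)
    print("misordered, telnet:", evaluate(ACL_MISORDERED, TELNET))  # ('permit', 1)
    print("outside host, smtp:", evaluate(ACL_ORDERED, OUTSIDE))    # ('deny', None)
```

The misordered list permits the Telnet packet at its first ACE, which is the ordering mistake the chapter warns about; the outside host is dropped by the implicit deny because no ACE names its address.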