Security - HP E3800-24G-PoE+-2SFP+ Access Security Manual


Security

ACLs can enhance security by blocking traffic carrying an unauthorized source IPv4 address (SA). This can include:

- blocking access from specific devices or interfaces (port or VLAN)
- blocking access to or from subnets in your network
- blocking access to or from the internet
- blocking access to sensitive data storage or restricted equipment
- preventing specific IPv4, TCP, UDP, IGMP, and ICMP traffic types, including unauthorized access using functions such as Telnet, SSH, and web browser

You can also enhance switch management security by using ACLs to block IPv4 traffic that has the switch itself as the destination address (DA).

Caution: IPv4 ACLs can enhance network security by blocking selected traffic, and can serve as one aspect of maintaining network security. However, because ACLs do not provide user or device authentication, or protection from malicious manipulation of data carried in IP packet transmissions, they should not be relied upon for a complete security solution.

Note: Static IPv4 ACLs for the switches covered by this guide do not filter non-IPv4 traffic such as IPv6, AppleTalk, and IPX. RADIUS-assigned ACLs assigned by a RADIUS server can be configured on the server to filter both IPv4 and IPv6 traffic, but do not filter non-IP traffic.

Guidelines for Planning the Structure of a Static ACL
After determining the filtering type (standard or extended) and ACL application (RACL, VACL, or static port ACL) to use at a particular point in your network, determine the order in which to apply individual ACEs to filter IPv4 traffic. (For information on ACL applications, refer to "ACL Applications" on page 10-13.)
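
The following sketch is an added example, not taken from the manual or from HP software. It models why ACE order matters and flags ACEs that can never match. It assumes first-match evaluation with an implicit deny at the end of the list, which this page does not state, and uses constructed addresses and a hypothetical ACE layout.

```python
import ipaddress

def ace(action, src, proto="ip", dport=None):
    """Build one constructed ACE: action, source network, protocol, destination port."""
    return {"action": action, "src": ipaddress.ip_network(src),
            "proto": proto, "dport": dport}

def matches(entry, pkt):
    """True when the packet's source, protocol and destination port satisfy the ACE."""
    return (ipaddress.ip_address(pkt["src"]) in entry["src"]
            and entry["proto"] in ("ip", pkt["proto"])
            and entry["dport"] in (None, pkt.get("dport")))

def evaluate(acl, pkt):
    """Apply the ACL to one packet (assumed first-match, implicit deny)."""
    if pkt["version"] != 4:
        return "not-filtered"  # static IPv4 ACLs do not filter non-IPv4 traffic
    for entry in acl:
        if matches(entry, pkt):
            return entry["action"]
    return "deny"  # assumed implicit deny when no ACE matches

def shadowed(acl):
    """Return indexes of ACEs fully covered by an earlier ACE (they never match)."""
    hidden = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (later["src"].subnet_of(earlier["src"])
                    and earlier["proto"] in ("ip", later["proto"])
                    and earlier["dport"] in (None, later["dport"])):
                hidden.append(i)
                break
    return hidden

# Constructed policy: block Telnet from one subnet, permit the rest of 10.10.0.0/16.
BAD_ORDER = [ace("permit", "10.10.0.0/16"),
             ace("deny", "10.10.20.0/24", "tcp", 23)]
GOOD_ORDER = [ace("deny", "10.10.20.0/24", "tcp", 23),
              ace("permit", "10.10.0.0/16")]

# Constructed sample packets.
TELNET = {"version": 4, "src": "10.10.20.5", "proto": "tcp", "dport": 23}
OUTSIDE = {"version": 4, "src": "192.168.1.1", "proto": "tcp", "dport": 80}
IPV6 = {"version": 6, "src": "2001:db8::5", "proto": "tcp", "dport": 23}

if __name__ == "__main__":
    for name, acl in (("bad order", BAD_ORDER), ("good order", GOOD_ORDER)):
        print(name, evaluate(acl, TELNET), "shadowed ACEs:", shadowed(acl))
```

Running a check like `shadowed()` over a planned ACL before applying it catches a broad permit placed ahead of the specific deny it was meant to follow.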
IPv4 Access Control Lists (ACLs)
Planning an ACL Application