Cisco Catalyst X4232 Installation And Configuration Note page 61

IP ACLs

The following styles of ACLs for IP are supported:

• Standard IP ACLs; these use source addresses for matching operations
• Extended IP ACLs; these use source and destination addresses for matching operations and optional protocol type and port numbers for finer granularity of control
• Named ACLs; these use source addresses for matching operations

Note  By default, the end of the ACL contains an implicit deny statement for everything if it did not find a match before reaching the end. With standard ACLs, if you omit the mask from an associated IP host address ACL specification, 0.0.0.0 is assumed to be the mask.

After creating an ACL, you must apply it to an interface, as described in the "Applying the ACL to an Interface" section on page 64.

Named IP ACLs

You can identify IP ACLs with an alphanumeric string, but it must contain at least one alphabetic character. Named IP ACLs allow you to configure more IP ACLs in a router than if you were to use numbered ACLs. If you identify your ACL with an alphabetic string instead of a numeric string, the mode and command syntax are slightly different.

Consider the following before configuring named ACLs:

• A standard ACL and an extended ACL cannot have the same name.
• Numbered ACLs are also available, as described in the "Creating Numbered Standard and Extended IP ACLs" section on page 62.

User Guidelines

Follow these guidelines when you configure IP network access control:

• ACLs are supported only on Gigabit Ethernet ports and corresponding Gigabit Ethernet subinterfaces.
• ACLs are not supported on Bridge-Group Virtual Interface (BVI), Fast EtherChannel (FEC), Gigabit EtherChannel (GEC), or Fast Ethernet interfaces.
• Reflexive and dynamic ACLs are not supported on the Catalyst 4000 Layer 3 Services module.
• Access violations accounting is not supported on the Catalyst 4000 Layer 3 Services module.
• ACL logging is supported only for packets going to the CPU. ACL logging is not supported for switched packets.
• You can program ACL entries into TCAM.
• You do not have to enter a deny everything statement at the end of your ACL; it is implicit.
• You can enter ACL entries in any order without any performance impact.
• For every eight TCAM entries, the switch router uses one entry for TCAM management purposes.
• You must have unique ACL names across all protocols.

Installation and Configuration Note for the Catalyst 4000 Layer 3 Services Module, Configuring Access Control Lists (78-10164-03), page 61
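To make the two behaviours in the Note above concrete (first match wins, an omitted mask is taken as 0.0.0.0, and anything unmatched falls to the implicit deny), the following added Python example evaluates a standard IP ACL against a source address; it is not code from the Cisco document. The IOS-style entry syntax it parses, the "host"/"any" keyword handling and the sample addresses are assumptions made for the example.

```python
"""Evaluate an IOS-style standard IP ACL: first match wins, an omitted wildcard
mask is assumed to be 0.0.0.0 (exact host match), and a packet that matches no
entry hits the implicit deny at the end of the list."""
import ipaddress


def parse_entry(line):
    """Parse 'permit|deny <source> [wildcard]', 'permit|deny host <ip>' or 'permit|deny any'.
    The keyword forms are an assumption of this example, not taken from the page."""
    parts = line.split()
    action = parts[0]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in {line!r}")
    if parts[1] == "any":
        addr, wild = 0, 0xFFFFFFFF            # every bit is 'don't care'
    elif parts[1] == "host":
        addr, wild = int(ipaddress.IPv4Address(parts[2])), 0
    else:
        addr = int(ipaddress.IPv4Address(parts[1]))
        # Omitted mask: the Note says 0.0.0.0 is assumed, i.e. only this exact host matches.
        wild = int(ipaddress.IPv4Address(parts[2])) if len(parts) > 2 else 0
    return action, addr, wild


def matches(src, addr, wild):
    """Wildcard-mask comparison: a 1 bit in the wildcard means that bit is ignored."""
    care = ~wild & 0xFFFFFFFF
    return (src & care) == (addr & care)


def evaluate(acl_lines, source_ip):
    """Return (action, matched_entry); matched_entry is None when the implicit deny fires."""
    src = int(ipaddress.IPv4Address(source_ip))
    for line in acl_lines:
        action, addr, wild = parse_entry(line)
        if matches(src, addr, wild):
            return action, line
    return "deny", None   # implicit deny at the end of every ACL


# Constructed sample ACL: the last entry has no wildcard mask, so it permits only the
# single host 10.1.2.0, not the 10.1.2.0/24 subnet an administrator might have intended.
SAMPLE_ACL = [
    "deny 10.1.1.13",
    "permit 10.1.1.0 0.0.0.255",
    "permit 10.1.2.0",
]

if __name__ == "__main__":
    for ip in ("10.1.1.13", "10.1.1.20", "10.1.2.0", "10.1.2.7"):
        print(ip, "->", evaluate(SAMPLE_ACL, ip))
```

Running it shows 10.1.2.7 reaching the implicit deny even though the author of the constructed ACL may have meant to permit that subnet, which is the misconfiguration the mask rule in the Note makes easy to produce.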
