Acls - Cisco Catalyst 2950 Software Manual

Desktop switch software configuration guide
Understanding ACLs
after the first match, the order of conditions in the list is critical. If no conditions match, the switch
rejects the packet. If there are no restrictions, the switch forwards the packet; otherwise, the switch drops
the packet.
You configure access lists on a Layer 2 switch to provide basic security for your network. If you do not
configure ACLs, all packets passing through the switch could be allowed onto all parts of the network.
You can use ACLs to control which hosts can access different parts of a network or to decide which types
of traffic are forwarded or blocked at switch interfaces. For example, you can allow e-mail traffic to be
forwarded but not Telnet traffic. ACLs can be configured to block inbound traffic.
An ACL contains an ordered list of access control entries (ACEs). Each ACE specifies permit or deny
and a set of conditions the packet must satisfy in order to match the ACE. The meaning of permit or deny
depends on the context in which the ACL is used.
The switch supports these types of ACLs:
- IP ACLs filter IP traffic, including TCP and User Datagram Protocol (UDP).
  - Standard IP access lists use source addresses for matching operations.
  - Extended IP access lists use source and destination addresses and optional protocol type information for matching operations.
- Ethernet ACLs filter Layer 2 traffic.
  - MAC extended access lists use source and destination MAC addresses and optional protocol type information for matching operations.

You can apply ACLs on management VLANs (see the "Management VLANs" section on page 8-3) and on physical Layer 2 interfaces. ACLs are applied on interfaces in the inbound direction.
The switch examines access lists associated with features configured on a given interface and a direction. As packets enter the switch on an interface, ACLs associated with all inbound features configured on that interface are examined.
ACLs permit or deny packet forwarding based on how the packet matches the entries in the ACL. For example, you can use ACLs to allow one host to access a part of a network, but to prevent another host from accessing the same part. In Figure 12-1, ACLs applied at the switch input allow Host A to access the Human Resources network, but prevent Host B from accessing the same network.

Catalyst 2950 Desktop Switch Software Configuration Guide
Chapter 12  Configuring Network Security with ACLs
12-2
78-11380-03
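The two properties this section stresses, first-match evaluation with an implicit deny at the end of the list and the resulting sensitivity to ACE order, are easy to see in a small simulator. The following Python is an added example written for this page, not Cisco's code and not the switch's actual matching engine. All addresses (Host A 10.1.10.5, Host B 10.1.10.6, the Human Resources network 10.1.20.0/24) and the three ACLs are constructed to mirror the Figure 12-1 scenario and the "allow e-mail but not Telnet" example in the text; the ACE field layout is a simplification that covers both the standard (source only) and extended (source, destination, protocol, port) match criteria described above.

```python
"""Toy first-match ACL evaluator (constructed example, not Cisco code)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

ANY = IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    proto: str = "ip"            # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None  # destination port for tcp/udp


@dataclass(frozen=True)
class ACE:
    """One access control entry. A standard IP ACL only uses `src`;
    an extended IP ACL also uses destination, protocol and port."""
    action: str                    # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network = ANY         # ANY = wildcard, as for a standard ACL
    proto: Optional[str] = None    # None = any protocol
    dport: Optional[int] = None    # None = any destination port

    def matches(self, pkt: Packet) -> bool:
        return (pkt.src in self.src
                and pkt.dst in self.dst
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def evaluate(acl: List[ACE], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the ACEs in order; the first match decides and later ACEs are
    never consulted. If no ACE matches, the packet is dropped (the implicit
    deny), and the returned index is None to show that no entry matched."""
    for index, ace in enumerate(acl):
        if ace.matches(pkt):
            return ace.action, index
    return "deny", None


# Constructed addresses for the Figure 12-1 style scenario (assumptions).
HOST_A = IPv4Address("10.1.10.5")
HOST_B = IPv4Address("10.1.10.6")
HR_NET = IPv4Network("10.1.20.0/24")
HR_SERVER = IPv4Address("10.1.20.50")

# Only Host A may reach the HR network; Host B is stopped by the implicit deny.
HR_ACL = [ACE("permit", IPv4Network("10.1.10.5/32"), HR_NET)]

# Extended ACL: forward e-mail (SMTP, TCP/25), block Telnet (TCP/23), allow the rest.
MAIL_NOT_TELNET = [
    ACE("permit", ANY, ANY, "tcp", 25),
    ACE("deny", ANY, ANY, "tcp", 23),
    ACE("permit", ANY, ANY),
]

# The same entries with the catch-all permit moved first: the Telnet deny is
# now shadowed and can never match, which is why ACE order is critical.
MISORDERED = [
    ACE("permit", ANY, ANY),
    ACE("deny", ANY, ANY, "tcp", 23),
]


def hr_access() -> dict:
    """Decision for Host A and Host B sending HTTPS to a server in HR_NET."""
    return {
        "host_a": evaluate(HR_ACL, Packet(HOST_A, HR_SERVER, "tcp", 443))[0],
        "host_b": evaluate(HR_ACL, Packet(HOST_B, HR_SERVER, "tcp", 443))[0],
    }


def mail_vs_telnet(acl: List[ACE]) -> dict:
    """Decision for an SMTP and a Telnet packet under the given ACL."""
    return {
        "smtp": evaluate(acl, Packet(HOST_A, HR_SERVER, "tcp", 25))[0],
        "telnet": evaluate(acl, Packet(HOST_A, HR_SERVER, "tcp", 23))[0],
    }


if __name__ == "__main__":
    print("HR access:", hr_access())
    print("correct order:", mail_vs_telnet(MAIL_NOT_TELNET))
    print("misordered:", mail_vs_telnet(MISORDERED))
```

Running the block shows Host B denied by the implicit deny (no ACE index is reported for it), Telnet blocked under the correctly ordered list, and Telnet permitted under the misordered list even though the same deny entry is present. When reviewing a real ACL, checking for shadowed entries of this kind (a broad permit or deny above a more specific one) is the first thing to look for.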