Configuring Network Security With ACLs; Understanding ACLs - Cisco WS-C3750-48PS-S Software Configuration Manual

Catalyst 3750 Switch Software Configuration Guide, Chapter 31 (78-16180-02)

Configuring Network Security with ACLs

This chapter describes how to configure network security on the Catalyst 3750 switch by using access
control lists (ACLs), which are also referred to in commands and tables as access lists. Unless otherwise
noted, the term switch refers to a standalone switch and a switch stack.

For complete syntax and usage information for the commands used in this chapter, refer to the command
reference for this release, to the "Configuring IP Services" section in the "IP Addressing and
Services" chapter of the Cisco IOS IP Configuration Guide, Release 12.2, and to these software
configuration guides and command references:

- Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2
- Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2
- Cisco IOS IP Command Reference, Volume 3 of 3: Multicast, Release 12.2

This chapter consists of these sections:

- Understanding ACLs
- Configuring IP ACLs
- Creating Named MAC Extended ACLs
- Configuring VLAN Maps
- Using VLAN Maps with Router ACLs
- Displaying ACL Configuration

Understanding ACLs

Packet filtering can help limit network traffic and restrict network use by certain users or devices. ACLs
filter traffic as it passes through a router or switch and permit or deny packets crossing specified
interfaces or VLANs. An ACL is a sequential collection of permit and deny conditions that apply to
packets. When a packet is received on an interface, the switch compares the fields in the packet against
any applied ACLs to verify that the packet has the required permissions to be forwarded, based on the
criteria specified in the access lists. One by one, it tests packets against the conditions in an access list.
The first match decides whether the switch accepts or rejects the packets. Because the switch stops
testing after the first match, the order of conditions in the list is critical. If no conditions match, the
switch rejects the packet. If there are no restrictions, the switch forwards the packet; otherwise, the
switch drops the packet. The switch can use ACLs on all packets it forwards, including packets bridged
within a VLAN.
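The first-match rule and the rejection of unmatched packets described under Understanding ACLs can be modeled in a few lines. The following is an added example, not code from the Cisco guide: it assumes a simplified entry format (source network in CIDR form plus an optional TCP destination port, instead of IOS wildcard masks), and the names Ace, evaluate and shadowed are hypothetical. It evaluates the same two entries in both orders and flags entries that an earlier, broader entry makes unreachable.

```python
import ipaddress
from typing import NamedTuple, Optional

class Ace(NamedTuple):
    """One access control entry, simplified: source network and TCP destination port."""
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR form
    dport: Optional[int] = None  # None matches any destination port

def matches(ace, src_ip, dport):
    in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(ace.src)
    return in_net and (ace.dport is None or ace.dport == dport)

def evaluate(acl, src_ip, dport):
    """Return (action, index of the deciding entry); index None is the implicit deny."""
    for index, ace in enumerate(acl):
        if matches(ace, src_ip, dport):
            return ace.action, index      # first match decides, testing stops here
    return "deny", None                   # no condition matched: packet is rejected

def shadowed(acl):
    """Indexes of entries fully covered by one earlier entry, so they never decide."""
    hidden = []
    for index, later in enumerate(acl):
        for earlier in acl[:index]:
            net_covered = ipaddress.ip_network(later.src).subnet_of(
                ipaddress.ip_network(earlier.src))
            port_covered = earlier.dport is None or earlier.dport == later.dport
            if net_covered and port_covered:
                hidden.append(index)
                break
    return hidden

# Constructed sample entries (addresses and port are illustrative only).
BROAD_FIRST = [Ace("permit", "10.1.0.0/16"), Ace("deny", "10.1.5.0/24", 23)]
SPECIFIC_FIRST = [BROAD_FIRST[1], BROAD_FIRST[0]]

if __name__ == "__main__":
    for name, acl in (("broad first", BROAD_FIRST), ("specific first", SPECIFIC_FIRST)):
        print(name, evaluate(acl, "10.1.5.9", 23), "shadowed:", shadowed(acl))
    print("unmatched source:", evaluate(SPECIFIC_FIRST, "192.168.1.1", 80))
```

The shadow check is conservative: it reports an entry only when a single earlier entry covers it, not when several earlier entries cover it together.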
