Chapter 19 Configuring Network Security With ACLs; Understanding ACLs - Cisco WS-C3550-12G Software Configuration Manual

Configuring Network Security with ACLs
This chapter describes how to configure network security on your switch by using access control lists
(ACLs), which are also referred to in commands and tables as access lists. To take advantage of some of
the features described in this chapter, you must have the enhanced multilayer software image installed
on your switch.
Note
For complete syntax and usage information for the commands used in this chapter, refer to the
Catalyst 3550 Multilayer Switch Command Reference for this release and the "Configuring IP
Services" section of the Cisco IOS IP and IP Routing Configuration Guide and the Cisco IOS IP and
IP Routing Command Reference for IOS Release 12.1.
This chapter consists of these sections:
Understanding ACLs, page 19-1
Configuring Router ACLs, page 19-5
Configuring VLAN Maps, page 19-27
Using VLAN Maps with Router ACLs, page 19-36
Note
To allocate system resources to maximize the number of security access control entries (ACEs)
allowed on the switch, you can use the sdm prefer access global configuration command to set the
Switch Database Management feature to the access template. For more information on the SDM
templates, see the "Optimizing System Resources for User-Selected Features" section on page 6-57.

Understanding ACLs

Packet filtering can help limit network traffic and restrict network use by certain users or devices. ACLs
can filter traffic as it passes through a router and permit or deny packets from crossing specified
interfaces. An ACL is a sequential collection of permit and deny conditions that apply to packets. When
a packet is received on an interface, the switch compares the fields in the packet against any applied
ACLs to verify that the packet has the required permissions to be forwarded, based on the criteria
specified in the access lists. It tests packets against the conditions in an access list one by one. The first
match determines whether the switch accepts or rejects the packets. Because the switch stops testing
conditions after the first match, the order of conditions in the list is critical. If no conditions match, the
switch rejects the packets. If there are no restrictions, the switch forwards the packet; otherwise, the
switch drops the packet.

Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
19-1
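The first-match rule, the implicit deny at the end of the list, and the resulting importance of ACE order are easiest to see by running them. The following Python model is an added example, not code from the Cisco manual or from IOS: it parses a simplified extended ACL (only `permit|deny ip <src> <dst>` lines with IOS-style wildcard masks), evaluates packets against it in order, and also flags entries that can never be reached because an earlier entry already covers everything they would match. The sample ACLs and addresses are constructed for the example.

```python
# Added example (not from the Cisco manual): a model of router-ACL evaluation
# with IOS wildcard masks, first-match semantics and the implicit deny, plus a
# lint that reports ACEs shadowed by an earlier, broader ACE.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Spec = Optional[Tuple[int, int]]  # (address, wildcard) as ints; None means "any"


@dataclass(frozen=True)
class Ace:
    action: str   # "permit" or "deny"
    src: Spec
    dst: Spec
    text: str     # original line, kept for reporting


def _addr_int(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def _parse_spec(tokens: List[str], i: int) -> Tuple[Spec, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' starting at tokens[i]."""
    if tokens[i] == "any":
        return None, i + 1
    if tokens[i] == "host":
        return (_addr_int(tokens[i + 1]), 0), i + 2
    return (_addr_int(tokens[i]), _addr_int(tokens[i + 1])), i + 2


def parse_acl(text: str) -> List[Ace]:
    """Parse a simplified extended ACL: lines of 'permit|deny ip <src> <dst>'."""
    aces = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        tokens = line.split()
        if tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
            raise ValueError(f"unsupported ACE: {line}")
        src, i = _parse_spec(tokens, 2)
        dst, _ = _parse_spec(tokens, i)
        aces.append(Ace(tokens[0], src, dst, line))
    return aces


def matches(addr: str, spec: Spec) -> bool:
    """IOS wildcard match: a 1 bit in the wildcard means 'don't care'."""
    if spec is None:
        return True
    net, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (_addr_int(addr) & care) == (net & care)


def evaluate(aces: List[Ace], src: str, dst: str) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching ACE). Testing stops at the first
    match; a packet matching nothing falls to the implicit deny (index None)."""
    for idx, ace in enumerate(aces):
        if matches(src, ace.src) and matches(dst, ace.dst):
            return ace.action, idx
    return "deny", None


def _covers(outer: Spec, inner: Spec) -> bool:
    """True if every address matched by `inner` is also matched by `outer`."""
    if outer is None:
        return True
    if inner is None:
        return False
    o_net, o_wild = outer
    i_net, i_wild = inner
    care = ~o_wild & 0xFFFFFFFF
    # outer may not fix a bit that inner leaves free, and fixed bits must agree
    return (i_wild & care) == 0 and (o_net & care) == (i_net & care)


def shadowed(aces: List[Ace]) -> List[Tuple[int, int]]:
    """Return (shadowed_index, shadowing_index) pairs for ACEs that can never be
    reached because an earlier ACE matches everything they would match."""
    out = []
    for j, later in enumerate(aces):
        for i in range(j):
            earlier = aces[i]
            if _covers(earlier.src, later.src) and _covers(earlier.dst, later.dst):
                out.append((j, i))
                break
    return out


# Constructed sample: the same two entries in both orders.
ACL_CORRECT = """
deny   ip host 10.1.1.7 any
permit ip 10.1.1.0 0.0.0.255 any
"""
ACL_MISORDERED = """
permit ip 10.1.1.0 0.0.0.255 any
deny   ip host 10.1.1.7 any
"""

if __name__ == "__main__":
    for name, acl in (("correct", parse_acl(ACL_CORRECT)),
                      ("misordered", parse_acl(ACL_MISORDERED))):
        for src in ("10.1.1.7", "10.1.1.8", "10.2.0.1"):
            print(name, src, "->", evaluate(acl, src, "192.0.2.10"))
        for j, i in shadowed(acl):
            print(f"  unreachable: '{acl[j].text}' is covered by '{acl[i].text}'")
```

In the correctly ordered list the host-specific deny is tested first, so 10.1.1.7 is dropped while the rest of 10.1.1.0/24 is permitted and 10.2.0.1, matching nothing, hits the implicit deny. With the two entries swapped the broad permit matches 10.1.1.7 first and the deny is dead, which is exactly what `shadowed()` reports; a check of this kind is worth running on an ACL before it is applied.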
