Chapter 23 Configuring Network Security; Acl Configuration Guidelines - Cisco 6500 Series Software Configuration Manual

Configuring Network Security
This chapter contains network security information unique to the Catalyst 6500 series switches, which
supplements the network security information and procedures in these publications:
•
•
This chapter consists of these sections:
•
•
•
•
•
•
•
•
•
•
Note With Releases 12.1(11b)E and later releases, when you are in configuration mode you can enter EXEC
mode-level commands by entering the do keyword before the EXEC mode-level command.

ACL Configuration Guidelines

The following guidelines apply to ACL configurations:
•
•
78-14099-04
Cisco IOS Security Configuration Guide, Release 12.1, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/index.htm
Cisco IOS Security Command Reference, Release 12.1, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/index.htm
ACL Configuration Guidelines, page 23-1
Hardware and Software ACL Support, page 23-2
Guidelines and Restrictions for Using Layer 4 Operators in ACLs, page 23-3
Configuring the Cisco IOS Firewall Feature Set, page 23-5
Configuring MAC Address-Based Traffic Blocking, page 23-8
Configuring VLAN ACLs, page 23-8
Configuring TCP Intercept, page 23-18
Configuring Unicast Reverse Path Forwarding, page 23-19
Configuring Unicast Flood Protection, page 23-21
Configuring MAC Move Notification, page 23-22
Each type of ACL (IP, IPX, and MAC) filters only traffic of the corresponding type. A MAC ACL
never matches IP or IPX traffic.
By default, the MSFC sends Internet Control Message Protocol (ICMP) unreachable messages when
a packet is denied by an access group.
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
C H A P T E R
23
23-1