Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 12
Configuring Traffic Filtering
The Cisco 10000 series router provides traffic filtering capabilities using access control lists (ACLs).
Access lists filter network traffic by controlling whether routed packets are forwarded or blocked at the
router's interfaces. Using ACLs, you can, for example, restrict the contents of routing updates,
provide traffic flow control, and provide security for your network.
The Cisco 10000 series router supports the following ACL types and features:
• Standard and extended ACLs
• Named and numbered ACLs
• Turbo-ACLs
• Per-user ACLs
• IP receive ACLs
• Time-based ACLs
For more information about ACLs, see the following documents:
• Turbo Access Control Lists, Release 12.1(5)T feature module
• Part 3: Traffic Filtering and Firewalls in the Cisco IOS Security Configuration Guide, Release 12.2
This chapter describes the following features:
• IP Receive ACLs
• Time-Based ACLs
IP Receive ACLs
The IP Receive ACLs feature provides basic filtering capability for traffic that is destined for the router
and protects the router from remote intrusions.
To restrict access to the router, you apply a numbered ACL to the ingress interface of the router. You can
restrict access to the router to known and trusted sources, and to expected traffic profiles. The IP Receive
ACLs feature supports both standard and extended ACLs. The rules for numbered ACLs also apply to
the access control entries (ACEs) of the IP receive ACL.
The IP receive ACL filters traffic on the parallel express forwarding engine (PXF) before filtering the
packets received by the route processor (RP). This feature protects the router from denial of service
(DoS) floods by keeping the flood from degrading the performance of the RP.
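The following receive ACL is an added example, not configuration from the original guide. It shows an extended numbered ACL that admits only expected traffic from trusted sources to the router. All addresses are constructed from the RFC 5737 documentation ranges. The ACL number 110 and the protocol mix are assumptions. The `ip receive access-list` global configuration command is given as the activation command from general Cisco IOS knowledge, so check it against the command reference for your release.

```cisco
! Constructed sample values (assumptions, not from the guide):
!   192.0.2.0/24   management subnet
!   198.51.100.1   eBGP peer
!   203.0.113.1    address of this router
!
! Management access (SSH, SNMP) only from the management subnet
access-list 110 permit tcp 192.0.2.0 0.0.0.255 host 203.0.113.1 eq 22
access-list 110 permit udp 192.0.2.0 0.0.0.255 host 203.0.113.1 eq snmp
!
! BGP with the known peer. ACLs are stateless, so permit both the case
! where the peer opens the session and the case where this router does.
access-list 110 permit tcp host 198.51.100.1 host 203.0.113.1 eq bgp
access-list 110 permit tcp host 198.51.100.1 eq bgp host 203.0.113.1
!
! OSPF from neighbors. Routing protocols terminate on the RP, so they
! must be permitted explicitly or the final deny drops their packets.
access-list 110 permit ospf any any
!
! Ping to the router, from the management subnet only
access-list 110 permit icmp 192.0.2.0 0.0.0.255 host 203.0.113.1 echo
!
! Explicit form of the implicit deny that ends every numbered ACL:
! all other traffic destined for the router is dropped.
access-list 110 deny ip any any
!
! Activate ACL 110 as the IP receive ACL
ip receive access-list 110
```

Because the ACL is stateless, replies to sessions that the router itself initiates (for example to NTP or AAA servers) also need matching permit entries ahead of the final deny.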