34-5
Cisco IE 3000 Switch Software Configuration Guide
OL-13018-03
Chapter 34 Configuring Network Security with ACLs
Configuring IPv4 ACLs
These are the steps to use IP ACLs on the switch:
Step 1
Create an ACL by specifying an access list number or name and the access conditions.
Step 2
Apply the ACL to interfaces or terminal lines.
These sections contain this configuration information:
•
Creating Standard and Extended IPv4 ACLs, page 34-5
•
Applying an IPv4 ACL to a Terminal Line, page 34-16
•
Applying an IPv4 ACL to an Interface, page 34-16
•
Hardware and Software Treatment of IP ACLs, page 34-17
•
Troubleshooting ACLs, page 34-17
•
IPv4 ACL Configuration Examples, page 34-18
Creating Standard and Extended IPv4 ACLs
This section describes IP ACLs. An ACL is a sequential collection of permit and deny conditions. One
by one, the switch tests packets against the conditions in an access list. The first match determines
whether the switch accepts or rejects the packet. Because the switch stops testing after the first match,
the order of the conditions is critical. If no conditions match, the switch denies the packet.
The software supports these types of ACLs or access lists for IPv4:
•
Standard IP access lists use source addresses for matching operations.
•
Extended IP access lists use source and destination addresses for matching operations and optional
protocol-type information for finer granularity of control.
These sections describe access lists and how to create them:
•
Access List Numbers, page 34-6
•
Creating a Numbered Standard ACL, page 34-7
•
Creating a Numbered Extended ACL, page 34-8
•
Resequencing ACEs in an ACL, page 34-12
•
Creating Named Standard and Extended ACLs, page 34-12
•
Using Time Ranges with ACLs, page 34-14
•
Including Comments in ACLs, page 34-15