CHAPTER
28-1
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-09
28
Configuring Network Security with ACLs
This chapter describes how to configure network security on your Catalyst 3550 switch by using access
control lists (ACLs), which are also referred to in commands and tables as access lists.
Note For complete syntax and usage information for the commands used in this chapter, refer to the switch
command reference for this release and the “Configuring IP Services” section of the Cisco IOS IP and
IP Routing Configuration Guide and the Cisco IOS IP and IP Routing Command Reference for IOS
Release 12.1.
This chapter consists of these sections:
• Understanding ACLs, page 28-1
• Configuring IP ACLs, page 28-6
• Configuring Named MAC Extended ACLs, page 28-26
• Configuring VLAN Maps, page 28-29
• Using VLAN Maps with Router ACLs, page 28-36
• Displaying ACL Information, page 28-41
Note To allocate system resources to maximize the number of security access control entries (ACEs) allowed
on the switch, you can use the sdm prefer access global configuration command to set the Switch
Database Management (sdm) feature to the access template. For more information on the SDM
templates, see the “Optimizing System Resources for User-Selected Features” section on page 7-27.
For information about determining resource usage for your configuration, see the “Displaying ACL
Resource Usage and Configuration Problems” section on page 28-43.
Understanding ACLs
Packet filtering can help limit network traffic and restrict network use by certain users or devices. ACLs
can filter traffic as it passes through a router and permit or deny packets at specified interfaces. An ACL
is a sequential collection of permit and deny conditions that apply to packets. When a packet is received
on an interface, the switch compares the fields in the packet against any applied ACLs to verify that the
packet has the required permissions to be forwarded, based on the criteria specified in the access lists.
It tests packets against the conditions in an access list one by one. The first match determines whether
To Next Page
Loading...
Need help?
General
