10-2
IPv4 Access Control Lists (ACLs)
Introduction
IPv4 filtering with ACLs can help improve network performance and restrict
network use by creating policies for:
■ Switch Management Access: Permits or denies in-band management access. This includes limiting and/or preventing the use of designated protocols that run on top of IPv4, such as TCP, UDP, IGMP, ICMP, and others. It also includes the use of IP precedence and ToS criteria, and control of application transactions based on source and destination IPv4 addresses and transport-layer port numbers.
■ Application Access Security: Eliminates unwanted traffic in a path by filtering IPv4 packets where they enter or leave the switch on specific VLAN interfaces.
IPv4 ACLs can filter traffic to or from a host, a group of hosts, or entire subnets.
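The management-access policy outlined above, modelled as an added example (not code from this manual or the switch firmware): a small first-match evaluator over a constructed ACL that permits SSH to the switch only from a management subnet, denies Telnet and SSH from every other source, and lets ordinary transit traffic on the VLAN pass. The switch address, subnet, ports and ACE order are constructed; the evaluator assumes the usual ACL semantics of first match wins with an implicit "deny ip any any" at the end.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional

@dataclass
class Ace:
    """One access control entry (a constructed model, not the switch's own data structure)."""
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any IPv4 payload; otherwise "tcp", "udp", "icmp", ...
    src: str                      # source network address
    src_wild: str                 # wildcard mask: 0 bits must match, 1 bits are ignored
    dst: str                      # destination network address
    dst_wild: str
    dport: Optional[int] = None   # TCP/UDP destination port; None means any port

def _wild_match(addr: str, net: str, wild: str) -> bool:
    """Compare only the address bits whose wildcard bit is 0."""
    a, n, w = (int(IPv4Address(x)) for x in (addr, net, wild))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)

def ace_matches(ace: Ace, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
    if ace.proto != "ip" and ace.proto != proto:
        return False
    if not _wild_match(src, ace.src, ace.src_wild) or not _wild_match(dst, ace.dst, ace.dst_wild):
        return False
    return ace.dport is None or ace.dport == dport

def evaluate(acl: List[Ace], proto: str, src: str, dst: str, dport: Optional[int] = None) -> str:
    """First matching ACE decides; a packet matching no ACE hits the implicit 'deny ip any any'."""
    for ace in acl:
        if ace_matches(ace, proto, src, dst, dport):
            return ace.action
    return "deny"

ANY, ANY_WILD = "0.0.0.0", "255.255.255.255"
SWITCH_IP = "10.1.10.1"   # constructed: the switch's VLAN 10 management address

# Constructed policy for inbound traffic on VLAN 10. ACE order matters: the
# subnet-specific SSH permit must precede the catch-all SSH deny, and both must
# precede the final permit that lets ordinary transit traffic through.
MGMT_ACL = [
    Ace("permit", "tcp", "10.1.10.0", "0.0.0.255", SWITCH_IP, "0.0.0.0", 22),  # SSH from mgmt subnet only
    Ace("deny",   "tcp", ANY, ANY_WILD, SWITCH_IP, "0.0.0.0", 23),              # Telnet to the switch: never
    Ace("deny",   "tcp", ANY, ANY_WILD, SWITCH_IP, "0.0.0.0", 22),              # SSH from anywhere else
    Ace("permit", "ip",  ANY, ANY_WILD, ANY, ANY_WILD),                         # transit traffic passes
]
```

Swapping the last two ACEs would silently re-open SSH from every source, which is why the evaluator reports the first match rather than the most specific one.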
Notes: IPv4 ACLs can enhance network security by blocking selected traffic, and can serve as part of your network security program. However, because ACLs do not provide user or device authentication, or protection from malicious manipulation of data carried in IPv4 packet transmissions, they should not be relied upon for a complete security solution.

IPv4 ACLs on the switches covered by this manual do not filter non-IPv4 traffic such as IPv6, AppleTalk, and IPX packets.
Feature                              Default  CLI
Configure an ACL from a TFTP Server  n/a      10-107
Enable ACL Logging                   n/a      10-114