Chapter 30
Configuring Network Security with ACLs
These are the steps to use IP ACLs on the switch:
Create an ACL by specifying an access list number or name and the access conditions.
Step 1
Apply the ACL to interfaces or terminal lines.
Step 2
These sections contain this configuration information:
•
•
•
•
•
Creating Standard and Extended IPv4 ACLs
This section describes IP ACLs. An ACL is a sequential collection of permit and deny conditions. One
by one, the switch tests packets against the conditions in an access list. The first match determines
whether the switch accepts or rejects the packet. Because the switch stops testing after the first match,
the order of the conditions is critical. If no conditions match, the switch denies the packet.
The software supports these types of ACLs or access lists for IPv4:
•
•
These sections describe access lists and how to create them:
•
•
•
•
•
•
•
OL-13018-01
Creating Standard and Extended IPv4 ACLs, page 30-5
Applying an IPv4 ACL to a Terminal Line, page 30-16
Applying an IPv4 ACL to an Interface, page 30-16
Hardware and Software Treatment of IP ACLs, page 30-17
IPv4 ACL Configuration Examples, page 30-17
Standard IP access lists use source addresses for matching operations.
Extended IP access lists use source and destination addresses for matching operations and optional
protocol-type information for finer granularity of control.
Access List Numbers, page 30-6
Creating a Numbered Standard ACL, page 30-7
Creating a Numbered Extended ACL, page 30-8
Resequencing ACEs in an ACL, page 30-12
Creating Named Standard and Extended ACLs, page 30-12
Using Time Ranges with ACLs, page 30-14
Including Comments in ACLs, page 30-15
Cisco IE 3000 Switch Software Configuration Guide
Configuring IPv4 ACLs
30-5