Configuring IP ACLs
Catalyst 3750 Metro Switch Software Configuration Guide, 78-15870-01
Chapter 25, Configuring Network Security with ACLs, page 25-6

Configuring IP ACLs on the switch is the same as configuring IP ACLs on other Cisco switches and
routers. The process is briefly described here. For more detailed information on configuring ACLs, refer
to the "Configuring IP Services" chapter in the Cisco IP and IP Routing Configuration Guide for IOS
Release 12.1. For detailed information about the commands, refer to Cisco IOS IP and IP Routing
Command Reference for IOS Release 12.1.

The switch does not support these IOS router ACL-related features:
• Non-IPv4 protocol ACLs (see Table 25-1 on page 25-7) or bridge-group ACLs
• IP accounting
• Inbound and outbound rate limiting (except with QoS ACLs)
• Reflexive ACLs or dynamic ACLs (except for some specialized dynamic ACLs used by the switch
  clustering feature)
• ACL logging for port ACLs and VLAN maps

These are the steps to use IP ACLs on the switch:
Step 1  Create an ACL by specifying an access list number or name and access conditions.
Step 2  Apply the ACL to interfaces or terminal lines. You can also apply standard and extended IP ACLs to
        VLAN maps.

This section includes the following information:
• Creating Standard and Extended IP ACLs, page 25-6
• Applying an IP ACL to a Terminal Line, page 25-17
• Applying an IP ACL to an Interface, page 25-18
• Hardware and Software Treatment of IP ACLs, page 25-19
• IP ACL Configuration Examples, page 25-20

Creating Standard and Extended IP ACLs

This section describes IP ACLs. An ACL is a sequential collection of permit and deny conditions. The
switch tests packets against the conditions in an access list one by one. The first match determines
whether the switch accepts or rejects the packet. Because the switch stops testing conditions after the
first match, the order of the conditions is critical. If no conditions match, the switch denies the packet.

The software supports these types of ACLs or access lists for IP:
• Standard IP access lists use source addresses for matching operations.
• Extended IP access lists use source and destination addresses for matching operations and optional
  protocol-type information for finer granularity of control.
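
The first-match rule and the deny-when-nothing-matches behavior described in this section, as an added example (not from the Cisco guide): a small Python model of ACL evaluation that also flags entries an earlier entry makes unreachable. The Entry and Packet types, the CIDR notation standing in for IOS address matching, and the sample addresses are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Entry(NamedTuple):  # hypothetical model of one ACL condition
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR form (assumed notation)
    dst: str = "0.0.0.0/0"       # extended ACLs also match destination
    proto: Optional[str] = None  # extended ACLs: optional protocol, None = any

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str

def matches(e, p):
    return (ip_address(p.src) in ip_network(e.src)
            and ip_address(p.dst) in ip_network(e.dst)
            and e.proto in (None, p.proto))

def evaluate(acl, pkt):
    """Return (action, index of deciding entry); index None means no entry matched."""
    for i, e in enumerate(acl):
        if matches(e, pkt):
            return e.action, i   # first match decides, later entries are not tested
    return "deny", None          # no condition matched: packet is denied

def covers(a, b):
    """True if every packet that matches b also matches a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in (None, b.proto))

def shadowed(acl):
    """Indexes of entries fully covered by one earlier entry, so they never decide."""
    return [j for j, b in enumerate(acl) if any(covers(a, b) for a in acl[:j])]

# Constructed sample: block one host, allow the rest of its subnet.
HOST_DENY = Entry("deny", "10.1.1.5/32")
NET_PERMIT = Entry("permit", "10.1.1.0/24")
GOOD = [HOST_DENY, NET_PERMIT]
BAD = [NET_PERMIT, HOST_DENY]    # same entries, but the deny can never be reached

if __name__ == "__main__":
    host = Packet("10.1.1.5", "192.0.2.10", "tcp")
    print(evaluate(GOOD, host), evaluate(BAD, host), shadowed(BAD))
```

Running `shadowed()` over a list before applying it is a quick audit for ordering mistakes; it only detects an entry covered by a single earlier entry, not one covered by several earlier entries combined.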