RST-3508
9805_05_2004_c2
© 2004 Cisco Systems, Inc. All rights reserved. Printed in USA.
Applying a RACL/PACL
interface Vlan4
ip address 4.4.4.1 255.255.255.0
end
cat4507R#show ip access-lists
Extended IP access list 101
deny tcp host 200.200.200.1 any neq 80 (5 matches)
permit ip any any (11915 matches)
Cat4507(config)#interface vlan 4
Cat4507(config-if)#ip access-group 101 in
Cat4507(config-if)#
Cat4507(config)#interface fa 4/23
Cat4507(config-if)#switchport access vlan 4
Cat4507(config-if)#ip access-group 101 in
Layer 4 Operators (L4 Ops)
• The (operator, operand) tuples for TCP and UDP port numbers
• These ACL operators are considered L4 Ops: gt, lt, neq, range
access-list 106 permit tcp any range 100 120 any range 120 140
• Greater than 6 L4 ops limit in an ACL...results in ACE expansion or more TCAM entries being used
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_2_18/config/secure.htm#1050515
[Slide callouts: Counters done in HW; RACL; PACL]
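Added example (not from the original slides): a small audit script that counts L4 ops per numbered ACL and flags any ACL above the 6-op limit stated above. It assumes an L4 op is a distinct (operator, operand) tuple, as the slide defines it, pooled across source and destination ports; the function names and the sample config are constructed for illustration.

```python
from collections import defaultdict

# Operators the slide lists as L4 ops -> number of operands each takes.
# "eq" is not on the slide's list, so it is not counted here.
L4_OPS = {"gt": 1, "lt": 1, "neq": 1, "range": 2}
L4_OP_LIMIT = 6  # per-ACL limit stated on the slide


def l4_ops_per_acl(config_text):
    """Return {acl_id: set of (operator, operands)} for tcp/udp ACEs."""
    ops = defaultdict(set)
    for line in config_text.splitlines():
        tok = line.split()
        # Numbered form: access-list <id> <permit|deny> <tcp|udp> ...
        if len(tok) < 4 or tok[0] != "access-list" or tok[3] not in ("tcp", "udp"):
            continue
        acl_id, rest = tok[1], tok[4:]
        i = 0
        while i < len(rest):
            n = L4_OPS.get(rest[i])
            if n and i + n < len(rest):
                # Same operator with a different operand is a different tuple.
                ops[acl_id].add((rest[i], tuple(rest[i + 1:i + 1 + n])))
                i += n + 1
            else:
                i += 1
    return dict(ops)


def over_limit(config_text, limit=L4_OP_LIMIT):
    """ACLs whose distinct L4 ops exceed the limit (candidates for ACE expansion)."""
    found = l4_ops_per_acl(config_text)
    return {acl: sorted(o) for acl, o in found.items() if len(o) > limit}


# Constructed sample: the first 106 line is the slide's example, the rest are invented.
SAMPLE = """\
access-list 101 deny tcp host 200.200.200.1 any neq 80
access-list 101 permit ip any any
access-list 106 permit tcp any range 100 120 any range 120 140
access-list 106 permit tcp any gt 1023 any eq 80
access-list 106 permit udp any any lt 1024
access-list 106 deny tcp any any neq 443
access-list 106 permit tcp any gt 1023 any range 8000 8080
access-list 106 permit udp any gt 5000 any
access-list 106 permit udp any any range 16384 32767
"""

if __name__ == "__main__":
    for acl, ops in over_limit(SAMPLE).items():
        print(f"ACL {acl}: {len(ops)} L4 ops (limit {L4_OP_LIMIT})")
```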