When configuring an access list, you can add multiple statements by adding criteria to the same numbered list. The order of the statements is important, because the switch tests addresses against the criteria in an access list one by one (in the order the statements are entered) until it finds a match. The first match determines whether the system accepts or rejects the address. Because the system stops testing conditions after the first match, the order of the conditions is critical.
To develop an ACL, first determine the protocols required within your networks. Although every site has specific requirements, certain protocols and applications are widely used. For example, network segments that provide connectivity for a publicly accessible web server or TCP.
Use the following sources to identify required traffic. The number of instances of applied access lists usually will not
exceed 128 due to hardware limitations.
• Review local security policy
• Review firewall configuration
• Review applications
Using a Classification ACL
A classification ACL is composed of permit statements for the various protocols that could be destined to the internal network. (See for a list of commonly used protocols and applications.) Use the show access-list command to display a count of access control entry (ACE) hits to identify required protocols. Investigate and understand any suspicious or surprising results before you create explicit permit statements for unexpected protocols.
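As an added illustration (not from this manual), the following Python simulation applies the first-match rule and the ACE hit counters described above to two constructed access lists, one ordered correctly and one in which a deny-all statement shadows the permit after it. The statement syntax "permit|deny <proto> <src> <dst> [eq <port>]" is an assumed simplification, and the addresses are constructed documentation values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Ace:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]           # destination port, None = any
    hits: int = 0                 # ACE hit count, as 'show access-list' reports

def parse_ace(line: str) -> Ace:
    # Assumed, simplified syntax: "<permit|deny> <proto> <src> <dst> [eq <port>]"
    tok = line.split()
    net = lambda t: ipaddress.ip_network("0.0.0.0/0" if t == "any" else t)
    port = int(tok[5]) if len(tok) > 5 and tok[4] == "eq" else None
    return Ace(tok[0], tok[1], net(tok[2]), net(tok[3]), port)

def parse_acl(lines):
    return [parse_ace(l) for l in lines if l.strip()]

def evaluate(acl, proto, src, dst, dport=None):
    """Test one packet against the ACEs in order; the first match decides
    and increments that ACE's hit counter. No match -> implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, ace in enumerate(acl):
        if ace.proto not in ("ip", proto):
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.port is not None and ace.port != dport:
            continue
        ace.hits += 1
        return ace.action, i
    return "deny", None

def hit_counts(acl):
    return [a.hits for a in acl]

def never_hit(acl):
    """Indices of ACEs with zero hits after sample traffic: either unneeded
    or shadowed by an earlier statement, which the ordering rule warns about."""
    return [i for i, a in enumerate(acl) if a.hits == 0]

# Constructed sample lists (documentation addresses, not real hosts).
GOOD_ACL = ["permit tcp any 198.51.100.10/32 eq 80", "deny ip any any"]
SHADOWED_ACL = ["deny ip any any", "permit tcp any 198.51.100.10/32 eq 80"]
```

Running a few packets through each list and then comparing hit_counts and never_hit shows the shadowed permit with a zero count, the same signal the show access-list output gives you on the switch.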
In addition to direct protection, the ACL should also provide a first line of defense against certain types of invalid
traffic on the Internet.
58 Asante IntraCore IC36240 User’s Manual