Cisco Systems IE 2000 Switch User Manual

Cisco IE 2000 Switch Software Configuration Guide, OL-25866-01

Chapter 37
Configuring Network Security with ACLs
Finding Feature Information

Your software release may not support all the features documented in this chapter. For the latest feature information and caveats, see the release notes for your platform and software release.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for Network Security with ACLs

The switch does not support these Cisco IOS router ACL-related features:

- Non-IP protocol ACLs (see Table 37-1 on page 37-5) or bridge-group ACLs
- IP accounting
- Inbound and outbound rate limiting (except with QoS ACLs)
- Reflexive ACLs or dynamic ACLs (except for some specialized dynamic ACLs used by the switch clustering feature)
- ACL logging for port ACLs and VLAN maps
Information About Network Security with ACLs

ACLs

Packet filtering can help limit network traffic and restrict network use by certain users or devices. ACLs filter traffic as it passes through a router or switch and permit or deny packets crossing specified interfaces or VLANs. An ACL is a sequential collection of permit and deny conditions that apply to packets. When a packet is received on an interface, the switch compares the fields in the packet against any applied ACLs to decide whether the packet is allowed to be forwarded, based on the criteria specified in the access lists. The switch tests the packet against the conditions in the access list one by one. The first match decides whether the switch accepts or rejects the packet. Because the switch stops testing after the first match, the order of conditions in the list is critical: a narrow condition placed after a broader one that already matches the same packets is never reached. If no conditions match, the