Manualshelf

Cisco Gigabit Ethernet Switch Module for HP p-Class BladeSystem Software Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesCisco BLp-Class Ethernet Switch
481482483484485486487488489490
CHAPTER
26-1
Cisco Gigabit Ethernet Switch Module for HP p-Class BladeSystem Software Configuration Guide
380261-003
26
Configuring Network Security with ACLs
This chapter describes how to configure network security on the switch by using access control lists
(ACLs), which in commands and tables are also referred to as access lists.
Note Information in this chapter about IP ACLs is specific to IP Version 4 (IPv4).
For complete syntax and usage information for the commands used in this chapter, see the command
reference for this release, see the “Configuring IP Services” section in the “IP Addressing and Services”
chapter of the Cisco IOS IP Configuration Guide, Release 12.2, and the Cisco IOS IP Command
Reference, Volume 1 of 3: Addressing and Services, Release 12.2.
This chapter consists of these sections:
Understanding ACLs, page 26-1
Configuring IPv4 ACLs, page 26-5
Creating Named MAC Extended ACLs, page 26-20
Configuring VLAN Maps, page 26-22
Displaying IPv4 ACL Configuration, page 26-29
Understanding ACLs
Packet filtering can help limit network traffic and restrict network use by certain users or devices. ACLs
filter traffic as it passes through a switch and permit or deny packets crossing specified interfaces or
VLANs. An ACL is a sequential collection of permit and deny conditions that apply to packets. When a
packet is received on an interface, the switch compares the fields in the packet against any applied ACLs
to verify that the packet has the required permissions to be forwarded, based on the criteria specified in
the access lists. One by one, it tests packets against the conditions in an access list. The first match
decides whether the switch accepts or rejects the packets. Because the switch stops testing after the first
match, the order of conditions in the list is critical. If no conditions match, the switch rejects the packet.
If there are no restrictions, the switch forwards the packet; otherwise, the switch drops the packet. The
switch can use ACLs on all packets it forwards, including packets bridged within a VLAN.
You configure access lists on a switch to provide basic security for your network. If you do not configure
ACLs, all packets passing through the switch could be allowed onto all parts of the network. You can
use ACLs to control which hosts can access different parts of a network or to decide which types of
traffic are forwarded or blocked. For example, you can allow e-mail traffic to be forwarded but not
Telnet traffic.