Cisco Systems 7600 SERIES manual ACL Configuration Guidelines, 23-1


Chapter 23

Configuring Network Security

This chapter contains network security information unique to the Cisco 7600 series routers, which supplements the network security information and procedures in these publications:

Cisco IOS Security Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/index.htm

Cisco IOS Security Command Reference, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/index.htm

This chapter consists of these sections:

ACL Configuration Guidelines

Hardware and Software ACL Support

Guidelines and Restrictions for Using Layer 4 Operators in ACLs

Configuring the Cisco IOS Firewall Feature Set

Configuring MAC Address-Based Traffic Blocking

Configuring VLAN ACLs

Configuring TCP Intercept

Configuring Unicast Reverse Path Forwarding

Configuring Unicast Flood Protection

Configuring MAC Move Notification

Note: With Releases 12.1(11b)E and later releases, when you are in configuration mode, you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.

ACL Configuration Guidelines

The following guidelines apply to ACL configurations:

Each type of ACL (IP, IPX, and MAC) filters only traffic of the corresponding type. A MAC ACL never matches IP or IPX traffic.

By default, the MSFC sends Internet Control Message Protocol (ICMP) unreachable messages when a packet is denied by an access group.

Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E

 

78-14064-04
