Cisco Systems 7600 SERIES manual Cisco IOS Firewall Feature Set Support Overview, 23-5

Chapter 23 Configuring Network Security

Configuring the Cisco IOS Firewall Feature Set

Firewall Configuration Guidelines and Restrictions, page 23-6

Configuring CBAC on Cisco 7600 Series Routers, page 23-6

Cisco IOS Firewall Feature Set Support Overview

The firewall feature set images support these Cisco IOS firewall features:

Context-based Access Control (CBAC)

Port-to-Application Mapping (PAM)

Authentication Proxy

These are the firewall feature set image names:

c6sup22-jo3sv-mz

c6sup22-po3sv-mz

c6sup12-jo3sv-mz

c6sup12-po3sv-mz

For more information about Cisco IOS firewall features, refer to the Cisco IOS Security Configuration Guide, Release 12.1, “Traffic Filtering and Firewalls” online publications:

The “Cisco IOS Firewall Overview” chapter at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scdfirwl.htm

The “Configuring Context-Based Access Control” chapter at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scdcbac.htm

The “Configuring Authentication Proxy” chapter at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scdauthp.htm

Cisco IOS Security Command Reference publication at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/index.htm

The following features are supported with and without the use of a Cisco IOS firewall image:

Standard access lists and static extended access lists

Lock-and-key (dynamic access lists)

IP session filtering (reflexive access lists)

TCP intercept

Security server support

Network address translation

Neighbor router authentication

Event logging

User authentication and authorization

Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E

 

78-14064-04
