When configuring an access list, you can add multiple statements to the same numbered list. The order of the statements is important: the switch tests an address against the statements one by one, in the order they were entered, until it finds a match, and that first match determines whether the address is accepted or rejected. Because testing stops at the first match, a broad statement placed ahead of a more specific one prevents the specific statement from ever being reached.
To develop an ACL, first determine the protocols required within your networks. Although every site has specific requirements, certain protocols and applications are widely used. For example, network segments that provide connectivity for a publicly accessible web server or TCP.
Use the following sources to identify required traffic. Note that the number of applied access-list instances is limited by hardware and usually cannot exceed 128.
• Review local security policy
• Review firewall configuration
• Review applications
Using a Classification ACL
A classification ACL is composed of permit statements for the various protocols that may be destined for the internal network. (See for a list of commonly used protocols and applications.) Use the show
In addition to direct protection, the ACL should also provide a first line of defense against certain types of invalid traffic on the Internet.
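The two points above, first-match ordering and a permit-only classification list whose hit counters reveal which protocols actually reach the internal network, can be tried offline with the following added example. It is not code from this manual and does not use the switch's own CLI syntax: the `Entry`/`AccessList` classes, the flow tuples and the sample traffic are all constructed here to model the behaviour the text describes (statements tested in order, first match wins, traffic matching no statement denied).

```python
"""First-match ACL evaluation with per-statement hit counters (added example).

Models the semantics described in the manual: statements are tested top to
bottom, the first match decides, and a flow that matches nothing is denied.
The entry format, flow tuples and sample traffic are constructed for
illustration; they are not the IC36240's configuration syntax.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# A flow is (protocol, source IP, destination IP, destination port).
Flow = Tuple[str, str, str, int]


@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: str = "0.0.0.0/0"       # source prefix
    dst: str = "0.0.0.0/0"       # destination prefix
    dport: Optional[int] = None  # destination port, None = any
    hits: int = 0                # incremented on each match

    def matches(self, flow: Flow) -> bool:
        proto, s, d, port = flow
        if self.proto != "ip" and self.proto != proto:
            return False
        if ipaddress.ip_address(s) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(d) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == port

    def is_catch_all(self) -> bool:
        return self.proto == "ip" and self.dport is None and \
            self.src == "0.0.0.0/0" and self.dst == "0.0.0.0/0"


@dataclass
class AccessList:
    entries: List[Entry] = field(default_factory=list)

    def evaluate(self, flow: Flow) -> str:
        """Test statements in order; the first match decides the action.
        A flow matching no statement is denied."""
        for e in self.entries:
            if e.matches(flow):
                e.hits += 1
                return e.action
        return "deny"

    def counters(self):
        """(action, proto, dport, hits) per statement, in list order."""
        return [(e.action, e.proto, e.dport, e.hits) for e in self.entries]

    def unreachable(self) -> List[int]:
        """Indexes of statements placed after a catch-all (any/any) statement;
        because evaluation stops at the first match they can never be hit."""
        for i, e in enumerate(self.entries):
            if e.is_catch_all():
                return list(range(i + 1, len(self.entries)))
        return []


def order_matters(flow: Flow):
    """Same two statements in both orders: only the order decides the result."""
    specific_first = AccessList([Entry("deny", "ip", src="10.1.1.0/24"),
                                 Entry("permit", "ip")])
    general_first = AccessList([Entry("permit", "ip"),
                                Entry("deny", "ip", src="10.1.1.0/24")])
    return specific_first.evaluate(flow), general_first.evaluate(flow)


def classify(flows):
    """Classification ACL: permit statements for the protocols of interest,
    ending in a permit-any so nothing is dropped while the counters show
    what actually reaches the internal network (192.0.2.0/24, assumed)."""
    acl = AccessList([
        Entry("permit", "tcp", dst="192.0.2.0/24", dport=80),
        Entry("permit", "tcp", dst="192.0.2.0/24", dport=443),
        Entry("permit", "udp", dst="192.0.2.0/24", dport=53),
        Entry("permit", "icmp", dst="192.0.2.0/24"),
        Entry("permit", "ip"),  # catch-all: anything not listed above
    ])
    for f in flows:
        acl.evaluate(f)
    return acl.counters()


# Constructed sample traffic toward the internal network.
SAMPLE_FLOWS = [
    ("tcp", "198.51.100.4", "192.0.2.10", 80),
    ("tcp", "198.51.100.4", "192.0.2.10", 80),
    ("tcp", "203.0.113.9", "192.0.2.10", 443),
    ("udp", "203.0.113.9", "192.0.2.53", 53),
    ("tcp", "203.0.113.9", "192.0.2.10", 23),   # telnet: falls to catch-all
    ("icmp", "198.51.100.4", "192.0.2.10", 0),
]

if __name__ == "__main__":
    print(order_matters(("tcp", "10.1.1.7", "192.0.2.10", 80)))
    for row in classify(SAMPLE_FLOWS):
        print(row)
```

The hit on the final permit-any statement is the interesting one when classifying: it is traffic no explicit statement accounted for (here a constructed telnet flow), which is exactly what to investigate before writing the real deny statements. `unreachable()` is the check to run on any list before applying it; a statement listed after an any/any entry is dead and usually indicates the ordering mistake the text warns about.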
58 | Asante IntraCore IC36240 | User’s Manual |