Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
78-14064-04
CHAPTER 23
Configuring Network Security
This chapter contains network security information unique to the Cisco 7600 series routers, which
supplements the network security information and procedures in these publications:
• Cisco IOS Security Configuration Guide, Release 12.1, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/index.htm
• Cisco IOS Security Command Reference, Release 12.1, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/index.htm
This chapter consists of these sections:
• ACL Configuration Guidelines
• Hardware and Software ACL Support
• Guidelines and Restrictions for Using Layer 4 Operators in ACLs
• Configuring the Cisco IOS Firewall Feature Set
• Configuring MAC Address-Based Traffic Blocking
• Configuring VLAN ACLs
• Configuring TCP Intercept
• Configuring Unicast Reverse Path Forwarding
• Configuring Unicast Flood Protection
• Configuring MAC Move Notification
Note: With Releases 12.1(11b)E and later releases, when you are in configuration mode, you can enter EXEC
mode-level commands by entering the do keyword before the EXEC mode-level command.
ACL Configuration Guidelines
The following guidelines apply to ACL configurations:
• Each type of ACL (IP, IPX, and MAC) filters only traffic of the corresponding type. A MAC ACL
never matches IP or IPX traffic.
• By default, the MSFC sends Internet Control Message Protocol (ICMP) unreachable messages when
a packet is denied by an access group.