C H A P T E R 23

Configuring Network Security

This chapter contains network security information unique to the Cisco 7600 series routers, which supplements the network security information and procedures in these publications:

Cisco IOS Security Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/index.htm

Cisco IOS Security Command Reference, Release 12.1, at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/index.htm

This chapter consists of these sections:

ACL Configuration Guidelines, page 23-1

Hardware and Software ACL Support, page 23-2

Guidelines and Restrictions for Using Layer 4 Operators in ACLs, page 23-3

Configuring the Cisco IOS Firewall Feature Set, page 23-4

Configuring MAC Address-Based Traffic Blocking, page 23-7

Configuring VLAN ACLs, page 23-8

Configuring TCP Intercept, page 23-18

Configuring Unicast Reverse Path Forwarding, page 23-19

Configuring Unicast Flood Protection, page 23-21

Configuring MAC Move Notification, page 23-22

Note With Releases 12.1(11b)E and later releases, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.

ACL Configuration Guidelines

The following guidelines apply to ACL configurations:

Each type of ACL (IP, IPX, and MAC) filters only traffic of the corresponding type. A MAC ACL never matches IP or IPX traffic.

By default, the MSFC sends Internet Control Message Protocol (ICMP) unreachable messages when a packet is denied by an access group.

Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E

 

78-14064-04

23-1

 

 

 

Page 1
Image 1
Cisco Systems 7600 SERIES manual ACL Configuration Guidelines, This chapter consists of these sections, 23-1