ACL Configuration Guidelines
This chapter consists of these sections
Hardware and Software ACL Support
Determining Layer 4 Operation Usage
Configuring the Cisco IOS Firewall Feature Set
Determining Logical Operation Unit Usage
More detailed example follows
Cisco IOS Firewall Feature Set Support Overview
 Guidelines
Firewall Configuration Guidelines and Restrictions
Configuring CBAC on Cisco 7600 Series Routers
Restrictions
Configuring MAC Address-Based Traffic Blocking
Configuring VLAN ACLs
Understanding VACLs
VACL Overview
IGMP packets are not checked against VACLs
VACLs and CBAC cannot be configured on the same interface
Bridged Packets
Same interface
Routed Packets
Configuring VACLs
These sections describe configuring VACLs
Multicast Packets
VACL Configuration Overview
Defining a VLAN Access Map
To define a VLAN access map, perform this task
Configuring a Match Clause in a VLAN Access Map Sequence
Configures the match clause in a VLAN access map sequence
Deletes the match clause in a VLAN access map sequence
Configuring an Action Clause in a VLAN Access Map Sequence
Applying a VLAN Access Map
Verifying VLAN Access Map Configuration
VLAN Access Map Configuration and Verification Examples
Configuring a Capture Port
Configuring VACL Logging
Configuring TCP Intercept
 Enabling Self-Pinging
Configuring Unicast Reverse Path Forwarding
Configuring Unicast RPF
Understanding Unicast RPF Support
Configuring the Unicast RPF Checking Mode
Configuring Unicast Flood Protection
This example shows how to verify the configuration
Configuring MAC Move Notification