Configuring LAN Interfaces

Configuring a LAN Extender Interface

The major reason to create access lists on a LAN Extender interface is to prevent traffic that is local to the remote Ethernet LAN from traversing the WAN and reaching the core router. You can filter packets by MAC address, including vendor code, and by Ethernet type code. To define filters on the LAN Extender interface, perform the tasks described in one or both of the following sections:

Filtering by MAC Address and Vendor Code

Filtering by Protocol Type

Note: When setting up administrative filtering, remember that there is virtually no performance penalty when filtering by vendor code, but there can be a performance penalty when filtering by protocol type.

When defining access lists, keep the following points in mind:

You can assign only one vendor code access list and only one protocol type access list to an interface.

The conditions in the access list are applied to all outgoing packets from the LAN Extender.

The entries in an access list are scanned in the order you enter them. The first entry that matches the outgoing packet is used.

An implicit “deny everything” entry is automatically defined at the end of an access list unless you include an explicit “permit everything” entry at the end of the list. This means that unless you have an entry at the end of an access list that explicitly permits all packets that do not match any of the other conditions in the access list, these packets will not be forwarded out the interface.

All new entries to an existing list are placed at the end of the list. You cannot add an entry to the middle of a list.

If you do not define any access lists on an interface, it is as if you had defined an access list with only a “permit all” entry. All traffic passes across the interface.

Filtering by MAC Address and Vendor Code

You can create access lists to administratively filter MAC addresses. These access lists can filter groups of MAC addresses, including those with particular vendor codes. There is no noticeable performance loss in using these access lists, and the lists can be of indefinite length.

You can filter groups of MAC addresses with particular vendor codes by creating a vendor code access list and then by applying an access list to an interface.

To create a vendor code access list, use the following command in global configuration mode:

Command: access-list access-list-number {permit | deny} address mask

Purpose: Creates an access list to filter frames by canonical (Ethernet-ordered) MAC address.

Note: Token Ring and FDDI networks swap their MAC address bit ordering, but Ethernet networks do not. Therefore, an access list that works for one medium might not work for others.
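The list-evaluation rules above (first match wins, implicit deny at the end) and the bit-ordering caveat in the note, as an added Python model that is not part of the Cisco guide. It assumes a mask bit of 1 means "ignore this bit"; the addresses and list entries are constructed samples.

```python
# Added illustration: models the access-list rules described on this page.
# Assumption: a mask bit of 1 means "ignore this bit" (wildcard-mask style).

def mac_to_int(mac):
    """Parse dotted-hex notation (e.g. 0000.0c12.3456) into a 48-bit int."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def int_to_mac(value):
    """Format a 48-bit int back into dotted-hex notation."""
    text = f"{value:012x}"
    return ".".join(text[i:i + 4] for i in (0, 4, 8))

def bit_swap(mac):
    """Reverse the bit order inside each byte (Token Ring/FDDI vs Ethernet)."""
    value, out = mac_to_int(mac), 0
    for shift in range(40, -8, -8):
        byte = (value >> shift) & 0xFF
        out = (out << 8) | int(f"{byte:08b}"[::-1], 2)
    return int_to_mac(out)

def evaluate(acl, mac):
    """Return (action, index of matching entry); index None = implicit deny."""
    addr = mac_to_int(mac)
    for index, (action, pattern, mask) in enumerate(acl):
        care = ~mac_to_int(mask) & 0xFFFFFFFFFFFF
        if (addr & care) == (mac_to_int(pattern) & care):
            return action, index   # first match wins; later entries are not scanned
    return "deny", None            # implicit "deny everything" at the end

# Constructed sample list: drop one vendor code, permit everything else.
VENDOR_FILTER = [
    ("deny",   "0000.0c00.0000", "0000.00ff.ffff"),  # vendor code 00:00:0c, any station
    ("permit", "0000.0000.0000", "ffff.ffff.ffff"),  # explicit "permit everything"
]
# Same list without the final permit: unmatched frames hit the implicit deny.
NO_PERMIT_ALL = VENDOR_FILTER[:1]

if __name__ == "__main__":
    station = "0000.0c12.3456"                       # constructed address
    for label, acl, mac in [
        ("vendor match", VENDOR_FILTER, station),
        ("other vendor", VENDOR_FILTER, "0800.2012.3456"),
        ("no permit-all", NO_PERMIT_ALL, "0800.2012.3456"),
        ("bit-swapped form", VENDOR_FILTER, bit_swap(station)),
    ]:
        print(f"{label:18} {mac} -> {evaluate(acl, mac)}")
```

The last case shows why a list written for Ethernet ordering misses the same station when its address is presented in swapped bit order: the vendor entry no longer matches and the frame falls through to the permit-all entry.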

Cisco IOS Interface Configuration Guide
