28-7
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter28 Configuring Network Securi ty with ACLs Configuring IPv4 ACLs
The switch does not support these Cisco IOS router ACL-related features:
Non-IP protocol ACLs (see Table 28-1 on page 28-8) or bridge-group ACLs
IP accounting
Inbound and outbound rate limiting (except with QoS ACLs)
Reflexive ACLs or dynamic ACLs
ACL logging for port ACLs and VLAN maps
These are the steps to use IP ACLs on the switch:
Step1 Create an ACL by specifying an access list number or name and the access conditions.
Step2 Apply the ACL to interfaces or terminal lines. You can also apply standard and extended IP ACLs to
VLAN maps.
These sections contain this configuration information:
Creating Standard and Extended IPv4 ACLs, page 28-7
Applying an IPv4 ACL to a Terminal Line, page 28-18
Applying an IPv4 ACL to an Interface, page 28-19
Hardware and Software Treatment of IP ACLs, page 28-21
IPv4 ACL Configuration Examples, page 28-21
Creating Standard and Extended IPv4 ACLs
This section describes IP ACLs. An ACL is a sequential collection of permit and de ny co nditi ons. O ne
by one, the switch tests packets against the conditions in an access list. The first match determines
whether the switch accepts or rejects the packet. Because the switch stops testing after the first match,
the order of the conditions is critical. If no conditions match, the switch denies the packet.
The software supports these types of ACLs or access lists for IPv4:
Standard IP access lists use source addresses for matching operations.
Extended IP access lists use source and destination addresses for matching operat ions and optional
protocol-type information for finer granularity of control.
These sections describe access lists and how to create them:
IPv4 Access List Numbers, page 28-8
ACL Logging, page 28-8
Creating a Numbered Standard ACL, page 28-9
Creating a Numbered Extended ACL, page 28-10
Resequencing ACEs in an ACL, page 28-14
Creating Named Standard and Extended ACLs, page 28-14
Using Time Ranges with ACLs, page 28-16
Including Comments in ACLs, page 28-18