Cisco Systems 2960 Manual De Usuario
31-6
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 31 Configuring Network Security with ACLs
Configuring IPv4 ACLs
Stack members perform these ACL functions:
•
They receive the ACL information from the master switch and program their hardware.
•
They act as standby switches, ready to take over the role of the stack master if the existing master
were to fail and they were to be elected as the new stack master.
were to fail and they were to be elected as the new stack master.
When a stack master fails and a new stack master is elected, the newly elected master reparses the backed
up running configuration. (See
up running configuration. (See
) The ACL configuration that
is part of the running configuration is also reparsed during this step. The new stack master distributes
the ACL information to all switches in the stack.
the ACL information to all switches in the stack.
Configuring IPv4 ACLs
Note
If the switch is running the LAN Lite image, you can configure ACLs, but you cannot attach them to
physical interfaces. When running either the LAN Lite or LAN base image, you can attach ACLs to
VLAN interfaces to filter traffic to the CPU.
physical interfaces. When running either the LAN Lite or LAN base image, you can attach ACLs to
VLAN interfaces to filter traffic to the CPU.
Configuring IP v4ACLs on the switch is the same as configuring IPv4 ACLs on other Cisco switches and
routers. The process is briefly described here. For more detailed information on configuring ACLs, see
the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP
Configuration Guide, Release 12.2. For detailed information about the commands, see the Cisco IOS IP
Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2. The Cisco IOS
documentation is available from the Cisco.com page under Documentation > Cisco IOS Software >
12.2 Mainline > Configuration Guides or Command References.
routers. The process is briefly described here. For more detailed information on configuring ACLs, see
the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP
Configuration Guide, Release 12.2. For detailed information about the commands, see the Cisco IOS IP
Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2. The Cisco IOS
documentation is available from the Cisco.com page under Documentation > Cisco IOS Software >
12.2 Mainline > Configuration Guides or Command References.
The switch does not support these Cisco IOS router ACL-related features:
•
Non-IP protocol ACLs (see
) or bridge-group ACLs
•
IP accounting
•
Inbound and outbound rate limiting (except with QoS ACLs)
•
Reflexive ACLs or dynamic ACLs (except for some specialized dynamic ACLs used by the switch
clustering feature)
clustering feature)
•
ACL logging
These are the steps to use IP ACLs on the switch:
Step 1
Create an ACL by specifying an access list number or name and the access conditions.
Step 2
Apply the ACL to interfaces or terminal lines.
These sections contain this configuration information:
•
•
•
•
•
•