Cisco ESW-520-48P-K9 Software Guide - Page 108
Configuring AutoSecure, Configuring Access Lists
View all Cisco ESW-520-48P-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 108 highlights
Configuring AutoSecure Chapter 11 Configuring Security Features For information about configuring AAA services and supported security protocols, see the following sections of the Cisco IOS Security Configuration Guide: • Configuring Authentication • Configuring Authorization • Configuring Accounting • Configuring RADIUS • Configuring TACACS+ • Configuring Kerberos Configuring AutoSecure The AutoSecure feature disables common IP services that can be exploited for network attacks and enables IP services and features that can aid in the defense of a network when under attack. These IP services are all disabled and enabled simultaneously with a single command, greatly simplifying security configuration on your router. For a complete description of the AutoSecure feature, see the AutoSecure feature document. Configuring Access Lists Access lists (ACLs) permit or deny network traffic over an interface based on source IP address, destination IP address, or protocol. Access lists are configured as standard or extended. A standard access list either permits or denies passage of packets from a designated source. An extended access list allows designation of both the destination and the source, and it allows designation of individual protocols to be permitted or denied passage. An access list is a series of commands with a common tag to bind them together. The tag is either a number or a name. Table 11-1 lists the commands used to configure access lists. Table 11-1 Access List Configuration Commands ACL Type Numbered Standard Extended Named Standard Extended Configuration Commands access-list {1-99}{permit | deny} source-addr [source-mask] access-list {100-199}{permit | deny} protocol source-addr [source-mask] destination-addr [destination-mask] ip access-list standard name followed by deny {source | source-wildcard | any} ip access-list extended name followed by {permit | deny} protocol {source-addr[source-mask] | any}{destination-addr [destination-mask] | any} 11-2 Cisco Secure Router 520 Series Software Configuration Guide OL-14210-01