Switches

Security Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3650 Switches) - Configuring IPv4 ACLs [Cisco Catalyst 3650 Series Switches]

Defines an extended IPv4 access list and the access conditions.

The access-list-number is a decimal number from 100 to 199 or 2000 to 2699. Enter deny or permit to specify whether to deny or permit the packet if conditions are matched. For protocol, enter the name or number of an IP protocol: ahp, eigrp, esp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, pcp, pim, tcp, or udp, or an integer in the range 0 to 255 representing an IP protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the keyword ip. The source is the number of the network or host from which the packet is sent. The source-wildcard applies wildcard bits to the source. The destination is the network or host number to which the packet is sent. The destination-wildcard applies wildcard bits to the destination. Source, source-wildcard, destination, and destination-wildcard can be specified as: The 32-bit quantity in dotted-decimal format. The other keywords are optional and have these meanings:

Creating Ethernet VLANs on Catalyst Switches

Introduction. This document provides basic information on how to create VLANs on Catalyst switches that run Catalyst OS (CatOS) and Cisco IOS® System Software.

The sample commands for each section use one Catalyst switch from each configuration section. Prerequisites. Requirements. Cisco recommends that you have knowledge of the information in this section. VLANs are a mechanism to allow network administrators to create logical broadcast domains that can span across a single switch or multiple switches, regardless of physical proximity. In order to create VLANs, you must decide how to configure these items: what VLAN Trunk Protocol (VTP) domain name and VTP mode to use on this switch; which ports on the switch belong to which VLAN; if you need to have communication between VLANs, or if they are isolated. If you require communication between VLANs, you must use a Layer 3 routing device, such as an external Cisco router or an internal router module. Components Used. Related Products. Conventions.

B lay2 3se 3650 cg.

Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX - Configuring IPv4 ACLs [Cisco Catalyst 2960-X Series Switches]

Defines an extended IPv4 access list and the access conditions.

The access-list-number is a decimal number from 100 to 199 or 2000 to 2699.

Security Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3650 Switches) - Configuring DHCP [Cisco Catalyst 3650 Series Switches]

DHCP snooping is a DHCP security feature that provides network security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding database, also referred to as a DHCP snooping binding table.

DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. You use DHCP snooping to differentiate between untrusted interfaces connected to the end user and trusted interfaces connected to the DHCP server or another switch. An untrusted DHCP message is a message that is received through an untrusted interface. By default, the switch considers all interfaces untrusted. So, the switch must be configured to trust some interfaces to use DHCP Snooping. The DHCP snooping binding database has the MAC address, the IP address, the lease time, the binding type, the VLAN number, and the interface information that corresponds to the local untrusted interfaces of a switch. The switch drops a DHCP packet when one of these situations occurs:

Basic & Advanced Catalyst Layer 3 Switch Configuration: Creating VLANs, InterVLAN Routing (SVI), VLAN Security, VTP, Trunk Link, NTP Configuration. IOS License Requirements for SVI Routing

This article covers basic and advanced configuration of Cisco Catalyst Layer 3 switches such as the Cisco Catalyst 3560G, 3560E, 3560-X, 3750, 3750E, 3750-X, 3850 and 4500 series, and extends to include the configuration of additional features considered important to the secure and correct operation of these devices.

In many cases, these Catalyst Layer 3 switches are purchased and installed with basic configuration or features enabled, without leveraging their Layer 3 capabilities. After observing many installations that fell into this category (almost out-of-the-box configurations), we decided it was a great idea to begin covering configuration best practices that will help engineers understand the capabilities of this equipment and better adapt configurations to their company needs. The topics covered in this article include: Configuration commands covered in this article are applicable to all Cisco Catalyst Layer 3 switches. Layer 2 Switching Limitations. Creating and Configuring VLANs.

78 19308 01.