General steps for implementing ACLs
Procedure
- Configure one or more ACLs. This creates and stores the ACLs in the switch configuration.
- Assign an ACL. This step uses one of the following applications to assign the ACL to an interface:
- If the ACL is applied as an RACL, enable IPv4 routing. Except for instances where the switch is the traffic source or destination, assigned RACLs filter IPv4 traffic only when routing is enabled on the switch.
CAUTION:
IPv4 source routing is enabled by default on the switch and can be used to override ACLs. For this reason, if you are using ACLs to enhance network security, the recommended action is to disable source routing on the switch. To do so, execute the command no ip source-route.
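The following is an added example, not part of the original procedure: a Python check that reads a saved switch configuration and reports ACLs that are configured but never assigned, RACLs assigned while routing is off, and ACLs in use while source routing is still enabled. Only no ip source-route comes from the page; the other configuration keywords (ip access-list, ip access-group, ip routing, vlan contexts), the function name and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample config; the syntax is an assumption, not taken from the page.
SAMPLE_CONFIG = '''\
ip access-list extended "BLOCK-TELNET"
   10 deny tcp any any eq 23
   20 permit ip any any
   exit
vlan 10
   ip address 10.0.10.1 255.255.255.0
   ip access-group "BLOCK-TELNET" in
   exit
'''

ACL_DEF = re.compile(r'^ip access-list (?:standard|extended) "?([^"\s]+)"?')
ACL_USE = re.compile(r'\bip access-group "?([^"\s]+)"? (\S+)')

def audit_acl_config(config):
    """Return findings for the steps and the caution in the procedure."""
    defined, assigned, racls = set(), set(), set()
    context, top_level = "", set()
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].strip():            # unindented line opens a new context
            context = line
            top_level.add(line)
        m = ACL_DEF.match(line)
        if m:
            defined.add(m.group(1))
        m = ACL_USE.search(line)
        if m:
            assigned.add(m.group(1))
            # Assumption: in/out on a VLAN is a routed ACL (RACL).
            if context.startswith("vlan") and m.group(2) in ("in", "out"):
                racls.add(m.group(1))
    findings = [f"unassigned-acl:{n}" for n in sorted(defined - assigned)]
    findings += [f"undefined-acl:{n}" for n in sorted(assigned - defined)]
    # RACLs filter routed traffic only when routing is enabled.
    if racls and "ip routing" not in top_level:
        findings.append("racl-without-ip-routing")
    # Source routing is on by default and can be used to override ACLs.
    if assigned and "no ip source-route" not in top_level:
        findings.append("source-routing-enabled")
    return findings

if __name__ == "__main__":
    print(audit_acl_config(SAMPLE_CONFIG))
    print(audit_acl_config(SAMPLE_CONFIG + "ip routing\nno ip source-route\n"))
```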