Table of Contents
Advertisement
Configuring Traffic Filtering
The Cisco 10000 series router provides traffic filtering capabilities using access control lists (ACLs).
Access lists filter network traffic by controlling whether routed packets are forwarded or blocked at the
router's interfaces. Using ACLs, you can do such things as restrict the contents of routing updates,
provide traffic flow control, and provide security for your network.
The Cisco 10000 series router supports the following ACL types and features:
•
•
•
•
•
•
For more information about ACLs, see the following documents:
•
•
This chapter describes the following features:
•
•
IP Receive ACLs
The IP Receive ACLs feature provides basic filtering capability for traffic that is destined for the router
and protects the router from remote intrusions.
To restrict access to the router, you apply a numbered ACL to the ingress interface of the router. You can
restrict access to the router to known and trusted sources, and to expected traffic profiles. The IP Receive
ACLs feature supports both standard and extended ACLs. The rules for numbered ACLs also apply to
the access control entries (ACEs) of the IP receive ACL.
The IP receive ACL filters traffic on the parallel express forwarding engine (PXF) before filtering the
packets received by the route processor (RP). This feature protects the router from denial of service
(DoS) floods, thereby preventing the flood from degrading the performance of the route processor (RP).
OL-2226-23
Standard and extended ACLs
Named and numbered ACLs
Turbo-ACLs
Per-user ACLs
IP receive ACLs
Time-based ACLs
Turbo Access Control Lists, Release 12.1(5)T feature module
Part 3: Traffic Filtering and Firewalls in the Cisco IOS Security Configuration Guide, Release 12.2
IP Receive ACLs, page 12-1
Time-Based ACLs, page 12-4
C H A P T E R
Cisco 10000 Series Router Software Configuration Guide
12
12-1
Advertisement
Table of Contents
Troubleshooting
