ip access list features roadmap

Upload: ravi-pandey

Post on 08-Apr-2018


    Americas Headquarters:

    Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

    2007 Cisco Systems, Inc. All rights reserved.

    IP Access List Features Roadmap

    First Published: August 18, 2006

    Last Updated: August 18, 2006

    This roadmap lists the access list features documented in the Cisco IOS Security Configuration Guide and maps them to the modules in which they appear.

    Feature and Release Support

    Table 1 lists access list feature support for the Cisco IOS software releases 12.2S, 12.3T, and 12.4T. Only features that were introduced or modified in Cisco IOS Release 12.2(1) or a later release appear in the table. Not all features may be supported in your Cisco IOS software release.

    Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

    Note: Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

    Table 1 Supported Access List Features

    Cisco IOS Releases 12.2S, 12.3T, and 12.4T

    | Release | Feature Name | Feature Description | Where Documented |
    |---|---|---|---|
    | 12.3(4)T, 12.2(25)S | ACL Support for Filtering IP Options | This feature allows you to filter packets having IP Options, in order to prevent routers from becoming saturated with spurious packets. | Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values |


    Table 1 Supported Access List Features (continued)

    | Release | Feature Name | Feature Description | Where Documented |
    |---|---|---|---|
    | 12.3(4)T, 12.2(25)S | ACL TCP Flags Filtering | This feature provides a flexible mechanism for filtering on TCP flags. Before Cisco IOS Release 12.3(4)T, an incoming packet was matched as long as any TCP flag in the packet matched a flag specified in the access control entry (ACE). This behavior allows for a security loophole, because packets with all flags set could get past the access control list (ACL). The ACL TCP Flags Filtering feature allows you to select any combination of flags on which to filter. The ability to match on a flag set and on a flag not set gives you a greater degree of control for filtering on TCP flags, thus enhancing security. | Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values |
    | 12.3(7)T, 12.2(25)S | ACL - Named ACL Support for Noncontiguous Ports on an Access Control Entry | This feature allows you to specify noncontiguous ports in a single access control entry, which greatly reduces the number of entries required in an access control list when several entries have the same source address, destination address, and protocol, but differ only in the ports. | Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values |
    | 12.4(2)T | ACL Support for Filtering on TTL Value | You may use extended IP access lists (named or numbered) to filter packets based on their time-to-live (TTL) value, from 0 to 255. This filtering enhances your control over which packets reach a router. | Creating an IP Access List to Filter IP Options, TCP Flags, Noncontiguous Ports, or TTL Values |
    | 12.4(6)T | ACL Manageability | The ACL Manageability feature enables users to display and clear Access Control Entry (ACE) statistics per interface and per incoming or outgoing traffic direction for access control lists (ACLs). | Displaying and Clearing IP Access List Data Using ACL Manageability |