Name: Cisco Catalyst 2950
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

12-20

Catalyst 2950 Desktop Switch Software Configuration Guide

78-11380-03

Chapter12 Configuring Network Security with ACLs

Configuring ACLs

Commented IP ACL Entry Examples

In this example of a numbered ACL, the workstation belonging to Jones is allowed access, and the

workstation belonging to Smith is not allowed access:

Switch(config)# access-list 1 remark Permit only Jones workstation through

Switch(config)# access-list 1 permit 171.69.2.88

Switch(config)# access-list 1 remark Do not allow Smith workstation through

Switch(config)# access-list 1 deny 171.69.3.13

In this example of a numbered ACL, the Winter and Smith workstations are not allowed to browse the

Web:

Switch(config)# access-list 100 remark Do not allow Winter to browse the web

Switch(config)# access-list 100 deny host 171.69.3.85 any eq www

Switch(config)# access-list 100 remark Do not allow Smith to browse the web

Switch(config)# access-list 100 deny host 171.69.3.13 any eq www

In this example of a named ACL, the Jones subnet is not allowed access:

Switch(config)# ip access-list standard prevention

Switch(config-std-nacl)# remark Do not allow Jones subnet through

Switch(config-std-nacl)# deny 171.69.0.0 0.0.255.255

In this example of a named ACL, the Jones subnet is not allowed to use outbound Telnet:

Switch(config)# ip access-list extended telnetting

Switch(config-ext-nacl)# remark Do not allow Jones subnet to telnet out

Switch(config-ext-nacl)# deny tcp 171.69.0.0 0.0.255.255 any eq telnet

Creating Named MAC Extended ACLs

You can filter Layer 2 traffic on a physical Layer 2 interface by using MAC addresses and named MAC

extended ACLs. The procedure is similar to that of configuring other extended named access lists.

Note NamedMACextendedACLsareusedasapartofthemac access-group privileged EXEC command.

For more information about the supported non-IP protocols in the mac access-list extended command,

refer to the Catalyst 2950 Desktop Switch Command Reference for this release.

Note Though visible in the command-line help strings, appletalk is not supported as a matching condition for

the deny and permit MAC access-list configuration mode commands, nor is matching on any

SNAP-encapsulated packet with a non-zero Organizational Unique Identifier (OUI).

Beginning in privileged EXEC mode, follow these steps to create a named MAC extended ACL:

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

mac access-list extended name Define an extended MAC access list by using a name.

Cisco Catalyst 2950 Specifications

General

Forwarding Bandwidth	8.8 Gbps
Switching Capacity	13.6 Gbps
Forwarding Rate	6.6 Mpps
Weight	3.6 kg
RAM	16 MB
Flash Memory	8 MB
Operating Humidity	10% to 85% non-condensing
Uplink Ports	2 x 10/100/1000Base-T
Dimensions	4.4 cm x 44.5 cm x 24.2 cm
Remote Management Protocol	SNMP, Telnet, HTTP
Features	Quality of Service (QoS), VLAN support
Compliant Standards	IEEE 802.3, IEEE 802.3u, IEEE 802.1D, IEEE 802.1Q, IEEE 802.1p
Status Indicators	system
Operating Temperature	0 to 45°C
Ports	24 x 10/100 Ethernet ports
MAC Address Table Size	8, 192 entries
Power Supply	Internal 100-240V AC, 50-60Hz

Cisco Catalyst 2950 Software Guide

Table of Contents

Other manuals for Cisco Catalyst 2950

Questions and Answers:

Cisco Catalyst 2950 Specifications

Related product manuals