28-22
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-09
Chapter 28 Configuring Network Security with ACLs
Configuring IP ACLs
Figure 28-3 Using Router ACLs to Control Traffic
This example uses a standard ACL to filter traffic coming into Server B from port 0/3, permitting traffic
only from Accounting’s source addresses 172.20.128.64 to 172.20.128.95.
Switch(config)# access-list 6 permit 172.20.128.64 0.0.0.31
Switch(config)# end
Switch# show access-lists
Standard IP access list 6
permit 172.20.128.64, wildcard bits 0.0.0.31
Switch(config)# interface gigabitethernet0/3
Switch(config-if)# ip access-group 6 out
The ACL is applied to traffic coming out of routed port 0/3 from the specified source address.
This example uses an extended ACL to filter traffic coming from Server B into port 0/3, permitting traffic
from any source address (in this case Server B) to only the Accounting destination addresses
172.20.128.64 to 172.20.128.95.
Switch(config)# access-list 106 permit ip any 172.20.128.64 0.0.0.31
Switch(config)# end
Switch# show access-lists
Extended IP access list 106
permit ip any 172.20.128.64 0.0.0.31
Switch(config)# interface gigabitethernet0/3
Switch(config-if)# ip access-group 106 in
The ACL is then applied to traffic going into routed port 0/3, permitting it to go only to the specified
destination addresses. Note that with extended ACLs, you must enter the protocol (IP) before the source
and destination information.
Si
Server A
Benefits
Server B
Payroll
Port 0/3Port 0/2
Catalyst 3550 switch
Accounting
172.20.128.64-95
Human Resources
172.20.128.0-31
86303
To Next Page
Loading...
Need help?
General
