Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

62-44

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 62 Configuring Network Security with ACLs

Configuring Object Group ACLs

Applying an IPv4 OG ACL to an Interface

An object group ACL can be used to control traffic on the interface it is applied to. To apply an object

group ACL to an interface, perform the following task:

Step 3

remark remark

Example:

Switch(config-ext-nacl)# remark my-ogacl-policy

is to provide the marketing network access to

the server

(Optional) Adds a comment about the configured access

list entry.

A remark can precede or follow an access list entry.

In this example, the remark reminds the network

administrator that the subsequent entry denies the

Marketing network access to the interface.

Step 4

permit protocol source [source-wildcard] destination

[destination-wildcard] [option option-name]

[precedence precedence] [tos tos] [established] [log |

log-input] [time-range time-range-name]

[fragments]

Example:

Switch(config-ext-nacl)# permit object-group

my-service-object-group object-group

my-network-object-group any

Permits any packet that matches all conditions specified in

the statement.

Every access list needs at least one permit statement.

Optionally use the object-group

service-object-group-name keyword and argument as a

substitute for the protocol.

Optionally use the object-group

source-network-object-group-name keyword and argument

as a substitute for the source source-wildcard.

Optionally use the object-group

destination-network-object-group-name keyword and

argument as a substitute for the destination

destination-wildcard.

If source-wildcard or destination-wildcard is omitted, a

wildcard mask of 0.0.0.0 is assumed, which matches on all

bits of the source or destination address, respectively.

Optionally use the any keyword as a substitute for the

source source-wildcard or destination destination-wildcard

to specify the address and wildcard of 0.0.0.0

255.255.255.255.

Use the log-input keyword to include input interface,

source MAC address, or virtual circuit in the logging

output.

Step 5

Repeat the steps to specify the fields and values on

which you want to base your access list.

Remember that all sources not specifically permitted are

denied by an implicit deny statement at the end of the

access list.

Step 6

end

Example:

Device(config-ext-nacl)# end

Exits extended access-list configuration mode and returns

to privileged EXEC mode.

Command or Action Purpose

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Configuration Guide1610 pages

Administration Guide1814 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E