634 Configuring Access Control Lists
5
Create an ACL named web-limit that denies HTTP traffic during the
work-hours time range.
console(config)#ip access-list web-limit
console(config-ip-acl)#deny tcp any any eq http time-range
work-hours
console(config-ip-acl)#permit every
6
Enter interface configuration mode for VLAN 100 and apply the ACL to
ingress traffic.
console(config)#interface vlan 100
console(config-if-vlan100)#ip access-group weblimit
in
console(config-if-vlan100)#exit
console(config)#exit
7
Verify the configuration.
console(config)#show ip access-lists web-limit
IP ACL Name: web-limit
Rule Number: 1
Action......................................... deny
Match All...................................... FALSE
Protocol....................................... 6(tcp)
Source IP Address.............................. any
Destination IP Address......................... any
Destination Layer 4 Operator................... Equal To
Destination L4 Port Keyword.................... 80(www/http)
Rule Number: 2
Action......................................... permit
Match All...................................... TRUE
Denying FTP Traffic
This example drops incoming FTP setup and data traffic on interfaces
gi1/0/24 to 48. This example is suitable for configuration on a switch or a
router:
ip access-list deny-ftp
!
deny tcp any any eq ftp
deny tcp any any eq ftp-data
permit every
exit
To Next Page
Loading...
