558 Configuring Access Control Lists
Management Access List Example
The commands in this example create a management ACL that permits 
access to the switch through the in-band switch ports on VLAN 1 and on port 
9 from hosts with an IP address in the 10.27.65.0 subnet. Attempts to access 
the management interfaces from any other hosts and on any other interfaces 
are denied.
To configure the switch:
1. Create a management ACL and enter the configuration mode for the ACL.
console#configure
console(config)#management access-list mgmt_ACL
2. Create a rule that allows access from hosts in the 10.27.65.0 network on VLAN 1 and assign a priority of 1 to the rule.
console(config-macl)#permit ip-source 10.27.65.0 mask 255.255.255.0 vlan 1 priority 1
3. Create a rule that allows access from hosts in the 10.27.65.0 network connected to port 9 and assign a priority of 2 to the rule.
console(config-macl)#permit ip-source 10.27.65.0 mask 255.255.255.0 Gi1/0/9 priority 2
console(config-macl)#exit
4. Activate the ACL.
console(config)#management access-class mgmt_ACL
console(config)#exit
5. Verify the management ACL configuration.
console#show management access-list
mgmt_ACL
--------
permit ip-source 10.27.65.0 mask 255.255.255.0 vlan 1 priority 1
permit ip-source 10.27.65.0 mask 255.255.255.0 Gi1/0/9 priority 2
! (Note: all other access implicitly denied)
6. Verify that the configured management ACL is in use.
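An offline check of the rule listing from step 5, added here as an example and not taken from the switch documentation: it parses the show management access-list output and reports which rule, if any, admits a given source address and ingress VLAN or port. It assumes rules are tried in ascending priority order with the first match deciding, and that a deny action appears in the same line format as permit; the function names and probe hosts are constructed for illustration.

```python
import ipaddress
import re

# Listing from step 5, with the wrapped lines joined.
SHOW_OUTPUT = """\
mgmt_ACL
--------
permit ip-source 10.27.65.0 mask 255.255.255.0 vlan 1 priority 1
permit ip-source 10.27.65.0 mask 255.255.255.0 Gi1/0/9 priority 2
! (Note: all other access implicitly denied)
"""

RULE = re.compile(
    r"^(permit|deny) ip-source (\S+) mask (\S+) (vlan \d+|\S+) priority (\d+)$")


def parse_rules(text):
    """Return (priority, action, network, interface) tuples sorted by priority.
    The ACL name, the dashed underline and '!' note lines do not match and are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            action, addr, mask, iface, prio = m.groups()
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            rules.append((int(prio), action, net, iface.lower()))
    return sorted(rules, key=lambda r: r[0])


def decide(rules, src_ip, ingress):
    """ingress lists the VLAN and port a session arrives on.
    Assumed semantics: first matching rule wins; no match is the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    labels = {label.lower() for label in ingress}
    for prio, action, net, iface in rules:
        if src in net and iface in labels:
            return action, prio
    return "deny", None


if __name__ == "__main__":
    rules = parse_rules(SHOW_OUTPUT)
    # Constructed probes: (source address, [ingress VLAN, ingress port])
    probes = [("10.27.65.20", ["vlan 1", "Gi1/0/3"]),
              ("10.27.65.20", ["vlan 20", "Gi1/0/9"]),
              ("10.27.65.20", ["vlan 20", "Gi1/0/3"]),
              ("192.0.2.7", ["vlan 1", "Gi1/0/9"])]
    for ip, ingress in probes:
        print(ip, ingress, decide(rules, ip, ingress))
```

The third and fourth probes fall through to the implicit deny: one comes from the permitted subnet but on an interface neither rule names, the other arrives on permitted interfaces from outside 10.27.65.0.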