Configuring Access Control Lists 567
To configure the switch:
1
Create an ACL named list1 and configures a rule for the ACL that permits
packets carrying TCP traffic that matches the specified Source IP address
(192.168.77.0/24), and sends these packets to the specified Destination IP
address (192.168.77.50).
console#config
console(config)#access-list list1 permit tcp
192.168.77.0 0.0.0.255 192.168.77.50 0.0.0.0
2
Define the rule to set similar conditions for UDP traffic as for TCP traffic.
console(config)#access-list list1 permit udp
192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.255
console(config)#exit
3
Apply the rule to inbound (ingress) traffic on Gigabit Ethernet Port 2.
Only traffic matching the criteria will be accepted on this port.
console(config)#interface gi1/0/2
console(config-if-Gi1/0/2)#ip access-group list1
in
console(config-if-Gi11/0/2)#exit
Configuring a MAC ACL
The following example creates a MAC ACL named mac1 that denies all IPX
traffic on all ports. All other type of traffic is permitted.
To configure the switch:
1
Create a MAC Access List named mac1
console#config
console(config)#mac access-list extended mac1
2
Configure a rule to deny all IPX traffic, regardless of the source or
destination MAC address.
console(config-mac-access-list)#deny any any ipx
3
Configure a rule to permit all other types of traffic, regardless of the source
or destination MAC address.
console(config-mac-access-list)#permit any any
console(config-mac-access-list)#exit
4
Bind the ACL to all ports.
To Next Page
Loading...
