Assistance in the Protection from Unauthorized Access
6.8 Access Control Lists (ACL)
UM Basic Configuration L3P, Release 7.1, 12/2011
6.8.4 Configuring IP ACLs
Example: Extended ACL
B and C are not allowed to communicate with A.
enable
    Switch to the privileged EXEC mode.
configure
    Switch to the Configuration mode.
access-list 100 deny ip 10.0.1.11 0.0.0.0 10.0.1.158 0.0.0.0
    Create the extended ACL 100 with the first rule. This denies data traffic from IP source address 10.0.1.11 to IP destination address 10.0.1.158.
access-list 100 permit ip any any
    Add another rule to the ACL 100. This permits data traffic from any IP source address to any IP destination address.
access-list 110 deny ip 10.0.1.13 0.0.0.0 10.0.1.158 0.0.0.0
    Create the extended ACL 110 with the first rule. This denies data traffic from IP source address 10.0.1.13 to IP destination address 10.0.1.158.
access-list 110 permit ip any any
    Add another rule to the ACL 110. This permits data traffic from any IP source address to any IP destination address.
exit
    Switch to the privileged EXEC mode.
show ip access-lists 100
    Displays the rules of ACL 100.
[Figure: network diagram with devices A, B, C and D. IP addresses shown: 10.0.1.13/24, 10.0.1.158/24, 10.0.1.11/24, 10.0.1.159/24. Interfaces shown: 3.1, 2.1, 1.3, 2.3.]
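
The following Python sketch is an added example, not part of the manual. It parses the four access-list lines above and evaluates them offline, so the intended result can be checked before the rules go onto a device. It assumes first-match rule order, inverse (wildcard) masks in which 0.0.0.0 means an exact host match, and an implicit deny when no rule matches; the function names are hypothetical.

```python
import ipaddress

# The two ACLs from the example above, one rule per line.
ACL_TEXT = """\
access-list 100 deny ip 10.0.1.11 0.0.0.0 10.0.1.158 0.0.0.0
access-list 100 permit ip any any
access-list 110 deny ip 10.0.1.13 0.0.0.0 10.0.1.158 0.0.0.0
access-list 110 permit ip any any
"""

def _take_addr(tokens):
    """Consume 'any' or '<address> <wildcard>' and return (addr, wildcard) as ints."""
    if tokens[0] == "any":
        del tokens[0]
        return 0, 0xFFFFFFFF          # every bit is "don't care"
    addr, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    del tokens[:2]
    return addr, wild

def parse_acls(text):
    """Return {acl_number: [(action, src, src_wild, dst, dst_wild), ...]} in rule order."""
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue                  # only 'ip' rules are handled here
        number, action, rest = int(tokens[1]), tokens[2], tokens[4:]
        src, src_wild = _take_addr(rest)
        dst, dst_wild = _take_addr(rest)
        acls.setdefault(number, []).append((action, src, src_wild, dst, dst_wild))
    return acls

def _matches(ip, addr, wild):
    # Wildcard mask: a 0 bit must match, a 1 bit is ignored (assumed semantics).
    return (ip & ~wild & 0xFFFFFFFF) == (addr & ~wild & 0xFFFFFFFF)

def evaluate(acls, number, src_ip, dst_ip):
    """First matching rule decides; no match falls through to an assumed implicit deny."""
    s, d = int(ipaddress.IPv4Address(src_ip)), int(ipaddress.IPv4Address(dst_ip))
    for action, src, sw, dst, dw in acls[number]:
        if _matches(s, src, sw) and _matches(d, dst, dw):
            return action
    return "deny"

if __name__ == "__main__":
    acls = parse_acls(ACL_TEXT)
    for number in (100, 110):
        for src in ("10.0.1.11", "10.0.1.13"):
            for dst in ("10.0.1.158", "10.0.1.159"):
                print(number, src, "->", dst, evaluate(acls, number, src, dst))
```

Each ACL denies only its own source host towards 10.0.1.158, which is why the example needs both ACL 100 and ACL 110 to cover the two blocked hosts.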