Access Control Lists (ACLs) for the Series 5300xl Switches
Enable ACL “Deny” Logging
b. If you are using a Syslog server, use the logging command to configure
the server’s IP address. (You can configure up to six Syslog servers.)
c. Ensure that the switch can access any Syslog servers you specify.
2. Configure one or more ACLs with the deny action and the log option.
For example, suppose that you want to:
■ On VLAN 100 configure an extended ACL with an ACL-ID of 143 to
deny Telnet traffic from IP address 18.38.100.127 on VLAN 100.
■ Configure the switch to send an ACL log message to the console and
to a Syslog server at IP address 18.38.110.54 on VLAN 110 if the switch
detects a match denying Telnet access from 18.38.100.127.
(This example assumes that IP routing is already configured on the switch.)
VLAN 110
18.38.110.1
Subnet 110
18.38.110.54
VLAN 100
18.38.100.1
18.38.100.127
Subnet 100
Syslog Server
Configure extended ACL 143
here to deny Telnet access to
inbound Telnet traffic from IP
address 18.38.100.127.
Block Telnet access to the
network from this host.
Series 5300XL Switch
Console
Console RS-232 Port
Figure 9-27. Example of an ACL Log Application
9-61
To Next Page
Loading...
Need help?
General