Access Control Lists (ACLs) for the Series 5300xl Switches 
Editing ACLs and Creating an ACL Offline 
For example, suppose that you want to create an extended ACL that fulfills 
the following requirements (assume a subnet mask of 255.255.255.0): 
■  ID: “Controls for VLAN 20” 
■  Deny Telnet access to a server at 10.10.10.100 on VLAN 10 from these 
three IP addresses on VLAN 20 (with ACL logging): 
•  10.10.20.17 
•  10.10.20.23 
•  10.10.20.40 
■  Allow any access to the server from all other addresses on VLAN 20. 
■  Permit internet access to these two IP addresses on VLAN 20, but deny 
access to all other addresses on VLAN 20 (without ACL logging). 
•  10.10.20.98 
•  10.10.20.21 
■  Deny all other traffic from VLAN 20 to VLAN 10. 
■  Deny all traffic from VLAN 30 (10.10.30.0) to the server at 10.10.10.100 
on VLAN 10 (without ACL logging), but allow any other traffic from 
VLAN 30 to VLAN 10. 
■  Deny all other inbound traffic to VLAN 20. (Hint: The implicit “deny 
any” can achieve this objective.) 
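
The ordering these requirements impose can be checked offline before the file is loaded. The following is an added example, not part of the original manual and not the content of figure 9-24: a Python model of first-match evaluation for the VLAN 20 to VLAN 10 requirements only. The tuple layout, the evaluate() helper and the sample packets are constructed for illustration; the masks are ACL (wildcard) masks, the inverse of the 255.255.255.0 subnet mask.

```python
import ipaddress

def ip(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(addr, base, wildcard):
    # In an ACL (wildcard) mask, 1 bits are "don't care": the inverse
    # of a subnet mask, so 255.255.255.0 becomes 0.0.0.255.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

HOST, NET24 = "0.0.0.0", "0.0.0.255"
SERVER = "10.10.10.100"

# Constructed model, not switch syntax:
# (action, protocol, src, src_mask, dst, dst_mask, dst_port, log)
ACES = [
    ("deny",   "tcp", "10.10.20.17", HOST,  SERVER, HOST, 23, True),
    ("deny",   "tcp", "10.10.20.23", HOST,  SERVER, HOST, 23, True),
    ("deny",   "tcp", "10.10.20.40", HOST,  SERVER, HOST, 23, True),
    # All other VLAN 20 access to the server is allowed.
    ("permit", "ip",  "10.10.20.0",  NET24, SERVER, HOST, None, False),
    # All other VLAN 20 -> VLAN 10 traffic is denied.
    ("deny",   "ip",  "10.10.20.0",  NET24, "10.10.10.0", NET24, None, False),
]

def evaluate(aces, proto, src, dst, dport=None):
    """Return (action, log, index) for the first matching entry."""
    for i, (action, p, s, sm, d, dm, port, log) in enumerate(aces):
        if p != "ip" and p != proto:
            continue            # protocol-specific entry, other protocol
        if port is not None and port != dport:
            continue            # entry is limited to one destination port
        if matches(src, s, sm) and matches(dst, d, dm):
            return action, log, i
    return "deny", False, None  # the implicit "deny any"

if __name__ == "__main__":
    samples = [("tcp", "10.10.20.17", SERVER, 23),
               ("tcp", "10.10.20.17", SERVER, 80),
               ("udp", "10.10.20.50", "10.10.10.7", 53)]
    for pkt in samples:
        print(pkt, "->", evaluate(ACES, *pkt))
```

Moving the broad permit entry above the three host-specific deny entries would let Telnet from 10.10.20.17 through, which is why the specific entries are listed first.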
1.  You would create a .txt file with the content shown in figure 9-24. 