Chapter 8: Security Features
| Command | Description |
| --- | --- |
| show mac access-lists | Displays summary information for all configured MAC access lists or a specified MAC access list and all of the rules that are defined for it. |
| show ip access-lists | Displays summary information about all IP ACLs configured on the switch. |

For more information on the access list commands, see the CN1610 Network Switch CLI Command Reference.

ACL configuration overview

To configure ACLs, follow these steps:

1. Create an ACL.
   - Create a MAC ACL by specifying a name.
   - Create an IP ACL by specifying a number.
2. Add new rules to the ACL.
3. Configure the match criteria for the rules.
4. Apply the ACL to one or more interfaces.

Configuration example 1: IP ACL

This example sets up an IP ACL with two rules, one applicable to TCP traffic and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will only be accepted by the switch if the source and destination stations have IP addresses that fall within the defined sets.

The following commands create an ACL named list1 and configure a rule for the ACL. The rule permits packets carrying TCP traffic that match the specified source IP address and sends them to the specified destination IP address.

(CN1610) #config
(CN1610) (Config)#access-list 100 permit tcp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.0

The following commands define the rule to set similar conditions for UDP traffic as for TCP traffic:
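As an added illustration (not part of the NetApp guide and not switch code), the following Python model evaluates the page's TCP rule against constructed packets to show how the wildcard masks `0.0.0.255` and `0.0.0.0` define the permitted address sets. The UDP rule line is constructed by analogy with the TCP rule, and the final deny for unmatched traffic is an assumption based on the statement that packets are only accepted inside the defined sets.

```python
import ipaddress

# TCP rule taken from the page; the UDP line is constructed by analogy with it
# (the page says the UDP rule sets similar conditions).
ACL_100 = [
    "access-list 100 permit tcp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.0",
    "access-list 100 permit udp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.0",
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 0 must equal the base address; bits set to 1 are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def parse_rule(line):
    """Parse 'access-list <number> <action> <protocol> <src> <wildcard> <dst> <wildcard>'."""
    tokens = line.split()
    if len(tokens) != 8 or tokens[0] != "access-list":
        raise ValueError(f"unsupported rule syntax: {line!r}")
    _, number, action, proto, src, src_wild, dst, dst_wild = tokens
    for value in (src, src_wild, dst, dst_wild):
        _ip(value)  # raises ValueError on a malformed address
    return {"acl": number, "action": action, "proto": proto,
            "src": (src, src_wild), "dst": (dst, dst_wild)}

def evaluate(lines, proto, src, dst):
    """Return the action of the first matching rule, or 'deny' if none matches."""
    for rule in map(parse_rule, lines):
        if (rule["proto"] == proto
                and wildcard_match(src, *rule["src"])
                and wildcard_match(dst, *rule["dst"])):
            return rule["action"]
    return "deny"  # assumption: unmatched traffic is dropped, as the page's text implies

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination)
    for pkt in [("tcp", "192.168.77.20", "192.168.77.3"),
                ("udp", "192.168.77.200", "192.168.77.3"),
                ("tcp", "192.168.77.20", "192.168.77.4"),
                ("tcp", "192.168.78.20", "192.168.77.3"),
                ("icmp", "192.168.77.20", "192.168.77.3")]:
        print(pkt, "->", evaluate(ACL_100, *pkt))
```

A wildcard mask is the bitwise inverse of a subnet mask: entering `255.255.255.0` where `0.0.0.255` is intended makes the rule ignore the first three octets and match only addresses whose last octet equals the base's, so review masks carefully before applying the ACL to an interface.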