+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
Bind the ACL to the related interface.
The configuration steps are listed as below.
Switch(config)#access-list 1100 deny 00-12-11-23-00-00 00-00-00-00-ff-ff any-destination-mac
untagged-802-3
Switch(config)#access-list 1100 deny 00-12-11-23-00-00 00-00-00-00-ff-ff any tagged-802
Switch(config)#firewall enable
Switch(config)#interface ethernet 1/10
Switch(Config-If-Ethernet1/10)#mac access-group 1100 in
Switch(Config-If-Ethernet1/10)#exit
Switch(config)#exit
Configuration result:
Switch#show firewall
Firewall Status: Enable.
Firewall Default Rule: Permit.
Switch #show access-lists
access-list 1100(used 1 time(s))
access-list 1100 deny 00-12-11-23-00-00 00-00-00-00-ff-ff
any-destination-mac
untagged-802-3
access-list 1100 deny 00-12-11-23-00-00 00-00-00-00-ff-ff
any-destination-mac
Switch #show access-group interface ethernet 1/10
interface name:Ethernet1/10
MAC Ingress access-list used is 1100,traffic-statistics Disable.
Scenario 3:
The configuration requirement is stated as below: The MAC address range of the network
connected to the interface 10 of the switch is 00-12-11-23-xx-xx, and IP network is 10.0.0.0/24.
FTP should be disabled and ping requests from outside network should be disabled.
Configuration description:
Create the corresponding access list.
Configure datagram filtering.
Bind the ACL to the related interface.
The configuration steps are listed as below.
Switch(config)#access-list 3110 deny 00-12-11-23-00-00 00-00-00-00-ff-ff any-destination-mac
tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
Switch(config)#access-list 3110 deny any-source-mac 00-12-11-23-00-00 00-00-00-00-ff-ff
icmp any-source 10.0.0.0 0.0.0.255
To Next Page
Loading...
