Configuration Guide Configuring ACL
On a visitor's PC, ping the financial data server. Verify that the ping operation fails.
On a visitor's PC, ping the public resource server. Verify that the ping operation succeeds.
On a visitor's PC, access the Internet, for example, visit the Baidu website. Verify that the webpage can
be opened.
sw1(config)#show access-lists
mac access-list extended 700
10 deny any host 00e0.f800.000d etype-any
20 permit any any etype-any
sw1(config)#show access-group
mac access-group 700 in
Applied On interface GigabitEthernet 0/2
11.4.3 Configuring an Expert Extended ACL
Configuration Effect
Configure and apply an expert extended ACL to an interface to control incoming and outgoing packets of the interface based
on the L2 and L3 information, and allow or prohibit the entry of specific packets to the network. In addition, you can configure
an expert extended ACL to control all L2 packets based on the VLAN to permit or deny the access of users in some network
segments to network resources. Generally, you can use an expert extended ACL if you want to incorporate ACEs of the IP
ACL and MAC extended ACL into one ACL.
Configuration Steps
Configuring an Expert Extended ACL
(Mandatory) Configure an expert extended ACL if you want to control users' access to network resources based on the
L2 packet header, for example, the VLAN ID.
You can configure this ACL on an access, an aggregate, or a core device based on the distribution of users. The expert
extended ACL takes effect only on the local device, and does not affect other devices on the network.
Adding ACEs to an Expert Extended ACL
(Optional) An ACL may contain zero or multiple ACEs. If no ACE is configured, all incoming packets of the device are
denied by default.
Applying an Expert Extended ACL
(Mandatory) Apply an expert extended ACL to a specified interface if you want this ACL to take effect.
You can apply an expert extended ACL in the incoming or outgoing direction of a specified interface of an access, an
aggregate, or a core device based on the distribution of users.
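The following Python sketch is an added example, not part of the original guide or the vendor's software. It models an expert extended ACL as ACEs that match VLAN ID, IP and MAC fields together, evaluates them first-match in sequence-number order with the default deny described above, and reports ACEs that an earlier entry makes unreachable. The Ace model, VLAN 20 and all IP addresses are assumptions; first-match ordering is assumed from the numbered ACEs in the earlier output.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

FIELDS = ("vlan", "src_ip", "src_mac", "dst_ip", "dst_mac")
Packet = namedtuple("Packet", FIELDS)   # L2 + L3 header fields of one frame

@dataclass(frozen=True)
class Ace:                         # hypothetical model; None means "any"
    seq: int
    action: str                    # "permit" or "deny"
    vlan: Optional[int] = None
    src_ip: Optional[str] = None   # CIDR prefix
    src_mac: Optional[str] = None
    dst_ip: Optional[str] = None   # CIDR prefix
    dst_mac: Optional[str] = None

def _covers(rule, value, is_ip):
    """True if the rule field matches, or is at least as broad as, value."""
    if rule is None or value is None:
        return rule is None
    if is_ip:
        return ipaddress.ip_network(value).subnet_of(ipaddress.ip_network(rule))
    return str(rule).lower() == str(value).lower()

def _all_fields(ace, other):
    return all(_covers(getattr(ace, f), getattr(other, f), f.endswith("_ip")) for f in FIELDS)

def evaluate(aces, pkt):
    """First match by sequence number; ("deny", None) is the default deny."""
    for ace in sorted(aces, key=lambda a: a.seq):
        if _all_fields(ace, pkt):
            return ace.action, ace.seq
    return "deny", None

def shadowed(aces):
    """(later_seq, earlier_seq) pairs where the later ACE can never match."""
    ordered = sorted(aces, key=lambda a: a.seq)
    return [(b.seq, a.seq) for i, b in enumerate(ordered) for a in ordered[:i] if _all_fields(a, b)]

# Constructed sample: VLAN 20 and the IP addresses are made up; the MAC is the
# one denied in the MAC extended ACL output shown earlier.
ACL = [
    Ace(10, "deny", vlan=20, dst_mac="00e0.f800.000d"),
    Ace(20, "permit", vlan=20, src_ip="192.168.2.0/24"),
    Ace(30, "deny", vlan=20, src_ip="192.168.2.128/25", dst_ip="10.0.0.5/32"),
]
```

Running shadowed(ACL) on the sample reports ACE 30 as hidden behind ACE 20, the kind of ordering mistake worth catching before the ACL is applied to an interface.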
Verification