Configuration Guide Configuring ACL
acl-id: Indicates that a numbered expert extended ACL will be applied to the interface.
acl-name: Indicates that a named expert extended ACL will be applied to the interface.
in: Indicates that this ACL controls incoming L2 packets of the interface.
out: Indicates that this ACL controls outgoing L2 packets of the interface.
Interface configuration mode
This command makes an expert extended ACL take effect on the incoming or outgoing packets of a specified interface.
Configuration Example
The following configuration example describes only ACL-related configurations.
Configuring an Expert Extended ACL to Restrict Resources Accessible by Visitors (Requirement: visitors and employees cannot communicate with each other, and visitors can access the public resource server but not the financial data server of the company.)
Configure an expert extended ACL.
Add an ACE to deny packets sent from PCs in the visitor area (VLAN 3) to employee PCs in VLAN 2.
Add an ACE to prevent visitors from accessing the financial data server of the company.
Add an ACE to permit all packets.
Apply the ACL to the incoming direction of the interface of the switch that connects to the visitor area.
sw1(config)#expert access-list extended 2700
sw1(config-exp-nacl)#deny ip any any 192.168.1.0 0.0.0.255 any
sw1(config-exp-nacl)#deny ip any any host 10.1.1.1 any
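
The steps above depend on ACE order and wildcard matching. The following added example (not part of the original guide or the vendor's code) models them with a small first-match evaluator in Python. Assumptions: 192.168.1.0/24 is the employee network and 10.1.1.1 the financial data server (inferred from the order of the steps), the third ACE is a constructed stand-in for the "permit all packets" step, an unmatched packet is denied, and all packet addresses in the test values are constructed.

```python
import ipaddress

# ACEs from the page; the last line is a constructed stand-in for the
# "permit all packets" step, whose command the page does not show.
ACL_2700 = [
    "deny ip any any 192.168.1.0 0.0.0.255 any",
    "deny ip any any host 10.1.1.1 any",
    "permit ip any any any any",
]

def take_ip(tok):
    """Consume an IP field: 'any', 'host A' or 'A WILDCARD' -> (base, wildcard)."""
    if tok[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tok[1:]
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    return (tok[0], tok[1]), tok[2:]

def take_mac(tok):
    """Consume a MAC field: 'any' or 'host M' -> MAC string, or None for any."""
    if tok[0] == "any":
        return None, tok[1:]
    return tok[1].lower(), tok[2:]

def parse_ace(line):
    """Field order: action, protocol, src IP, src MAC, dst IP, dst MAC."""
    action, _proto, *rest = line.split()  # protocol is not modelled (ip only)
    src_ip, rest = take_ip(rest)
    src_mac, rest = take_mac(rest)
    dst_ip, rest = take_ip(rest)
    dst_mac, rest = take_mac(rest)
    return action, src_ip, src_mac, dst_ip, dst_mac

def ip_match(addr, spec):
    """Wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, *spec))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def evaluate(acl, src_ip, src_mac, dst_ip, dst_mac):
    """Return the action of the first matching ACE (assumed implicit deny)."""
    for line in acl:
        action, s_ip, s_mac, d_ip, d_mac = parse_ace(line)
        if (ip_match(src_ip, s_ip) and ip_match(dst_ip, d_ip)
                and s_mac in (None, src_mac.lower())
                and d_mac in (None, dst_mac.lower())):
            return action
    return "deny"
```

Moving the permit-all ACE to the top makes every later deny unreachable, and dropping it blocks the public resource server as well, so both the order and the final ACE are worth checking in review.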