Configuring A Per-User Acl And Filter-Id Acl - Cisco Catalyst 4500 Series Software Configuration Manual

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex

Chapter 49: Configuring 802.1X Port-Based Authentication

    Handle: 0xF3000061
    Current Policy: POLICY_Gi2/9
    Local Policies:
        Template: MYACL (priority 150)
        Filter-ID: TEST-ACL
    Server Policies:
        URL Redirect ACL: testacl
        ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-51def075
    Method status list:
        Method    State
        mab       Authc Success

The following command displays the contents of the Filter-Id applied on the interface:

    Switch# show ip access-list interface gi6/3
        deny ip host 20.20.0.2 host 155.155.155.156
        deny ip host 20.20.0.2 156.100.60.0 0.0.0.255
        deny tcp host 20.20.0.2 host 156.100.10.116 eq www

Guidelines for Per-User ACL and Filter-ID ACL

For per-user ACL and Filter-ID ACL, the ACL source must be ANY
(permit TCP ANY host 1.1.1.1 eq 80 or permit TCP ANY host 1.1.1.1 eq 443).

Configuring a Per-User ACL and Filter-ID ACL

To configure per-user ACL and Filter-ID ACL, perform this task:

Step 1
    Command: Switch# configure terminal
    Purpose: Enters global configuration mode.

Step 2
    Command: Switch(config)# access-list access-list-number {deny | permit} source [source-wildcard] [log]
    Purpose: Defines the default port ACL through a source address and wildcard.
        The access-list-number is a decimal from 1 to 99 or 1300 to 1999.
        Enter deny or permit to specify whether to deny or permit access if conditions match.
        source is the address of the network or host from which the packet is sent, specified as follows:
        - The 32-bit quantity in dotted-decimal format
        - The keyword any as an abbreviation for source and source-wildcard value of 0.0.0.0 255.255.255.255. You do not need a source-wildcard value.
        - The keyword host as an abbreviation for source and source-wildcard of source 0.0.0.0.
        (Optional) Applies the source-wildcard wildcard bits to the source.
        (Optional) Enters log to cause an informational logging message about the packet that matches the entry to be sent to the console.

Step 3
    Command: Switch(config-if)# interface interface-id
    Purpose: Enters interface configuration mode.
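
The guideline that the source of a per-user ACL or Filter-ID ACL must be ANY can be checked before the entries are deployed. The Python lint below is an added example, not part of the Cisco manual: the function names and the sample entries are assumptions made for illustration, and it treats 0.0.0.0 255.255.255.255 as the long form of any, as the Step 2 description states.

```python
import ipaddress

def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def source_of(ace):
    """Classify the source field of '<permit|deny> <protocol> <source> <destination ...>'.
    Returns (kind, source_text); the destination part is not validated."""
    t = ace.split()
    if len(t) >= 4 and t[0].lower() in ("permit", "deny"):
        if t[2].lower() == "any":
            return "any", t[2]
        if t[2].lower() == "host" and _is_ipv4(t[3]):
            return "host", " ".join(t[2:4])
        if _is_ipv4(t[2]) and _is_ipv4(t[3]):
            # The page gives 0.0.0.0 255.255.255.255 as the long form of "any".
            kind = "any" if t[2:4] == ["0.0.0.0", "255.255.255.255"] else "network"
            return kind, " ".join(t[2:4])
    return "unparsed", ace

def lint_acl(lines):
    """Return (line_no, entry, reason) for every entry that breaks the guideline."""
    findings = []
    for n, raw in enumerate(lines, 1):
        ace = raw.strip()
        if not ace or ace.startswith("!"):      # skip blanks and comments
            continue
        kind, src = source_of(ace)
        if kind != "any":
            why = "cannot parse entry" if kind == "unparsed" else f"source is {src}, must be any"
            findings.append((n, ace, why))
    return findings

# Constructed sample: entries 1-2 are the page's guideline examples, 3-5 are made up.
SAMPLE_ACL = [
    "permit TCP ANY host 1.1.1.1 eq 80",
    "permit TCP ANY host 1.1.1.1 eq 443",
    "permit ip 0.0.0.0 255.255.255.255 host 192.0.2.10",
    "deny ip host 192.0.2.55 host 198.51.100.7",
    "deny tcp 192.0.2.0 0.0.0.255 any eq www",
]

if __name__ == "__main__":
    for n, ace, reason in lint_acl(SAMPLE_ACL):
        print(f"entry {n}: {ace} -> {reason}")
```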