Applying ACLs to a Terminal Line - Cisco Catalyst 2950 Software Configuration Manual

Chapter 28
Configuring Network Security with ACLs
You can apply ACLs to any management interface. For information on creating ACLs on management
interfaces, see the "Configuring IP Services" section of the Cisco IOS IP and IP Routing Configuration
Guide, Cisco IOS Release 12.1 and the Cisco IOS IP and IP Routing Command Reference, Cisco IOS
Release 12.1.
Note: The limitations that apply to ACLs on physical interfaces do not apply to ACLs on management
interfaces.
After you create an ACL, you can apply it to one or more management interfaces or terminal lines. ACLs
can be applied on inbound interfaces. This section describes how to accomplish this task for both
terminal lines and network interfaces. Note these guidelines:

- When controlling access to a line, you must use numbered IP ACLs or MAC extended ACLs.
- When controlling access to an interface, you can use named or numbered ACLs.
- Set identical restrictions on all the virtual terminal lines because a user can attempt to connect to
  any of them.
- If you apply ACLs to a management interface, the ACL only filters packets that are intended for the
  CPU, such as SNMP, Telnet, or web traffic.

Applying ACLs to a Terminal Line

Beginning in privileged EXEC mode, follow these steps to restrict incoming connections between a
virtual terminal line and the addresses in an ACL:

| Step | Command | Purpose |
|------|---------|---------|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | line [console \| vty] line-number | Identify a specific line for configuration, and enter in-line configuration mode. Enter console for the console terminal line. The console port is DCE. Enter vty for a virtual terminal for remote console access. The line-number is the first line number in a contiguous group that you want to configure when the line type is specified. The range is from 0 to 16. |
| Step 3 | access-class access-list-number {in} | Restrict incoming and outgoing connections between a particular virtual terminal line (into a device) and the addresses in an access list. |
| Step 4 | end | Return to privileged EXEC mode. |
| Step 5 | show running-config | Display the access list configuration. |
| Step 6 | copy running-config startup-config | (Optional) Save your entries in the configuration file. |
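
An added example, not part of the Cisco manual: a Python check that reads show running-config output (Step 5) and reports vty lines that have no inbound access-class, reference a numbered ACL that the configuration does not define, or do not all share the same ACL, following the guideline to set identical restrictions on all virtual terminal lines. The sample configuration, ACL number 10, the 192.0.2.0 addresses and the function name audit_vty_access_class are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the manual): vty 5-15 lack the ACL.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
!
line con 0
line vty 0 4
 access-class 10 in
 login
line vty 5 15
 login
!
end
"""

def audit_vty_access_class(config):
    """Return ({vty line number: inbound ACL or None}, list of findings)."""
    defined = set(re.findall(r"^access-list (\d+) ", config, re.M))
    acl_by_line = {}
    current = []  # vty line numbers covered by the block being read
    for raw in config.splitlines():
        block = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if block:
            first = int(block.group(1))
            last = int(block.group(2) or first)
            current = list(range(first, last + 1))
            for n in current:
                acl_by_line[n] = None
        elif raw.startswith(" ") and current:
            applied = re.match(r"\s+access-class (\S+) in\b", raw)
            if applied:
                for n in current:
                    acl_by_line[n] = applied.group(1)
        else:
            current = []  # any non-indented line ends the vty block
    findings = []
    for n, acl in sorted(acl_by_line.items()):
        if acl is None:
            findings.append(f"vty {n}: no inbound access-class")
        elif acl.isdigit() and acl not in defined:
            findings.append(f"vty {n}: access-list {acl} is not defined")
    if len(set(acl_by_line.values())) > 1:
        findings.append("vty lines do not share identical restrictions")
    return acl_by_line, findings

if __name__ == "__main__":
    print("\n".join(audit_vty_access_class(SAMPLE_CONFIG)[1]))
```
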
Applying ACLs to Terminal Lines or Physical Interfaces
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
