Cisco Catalyst 2360 Software Configuration Manual, page 395
IOS 12.2(53)EY

Chapter 24
Managing Network Security with ACLs
Beginning in privileged EXEC mode, follow these steps to create an extended ACL:

Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: access-list access-list-number {deny | permit | remark} source source-wildcard {any | host} destination destination-wildcard [log]
Purpose: Define an extended IPv4 access list and the access conditions.
The access-list-number is a decimal number from 100 to 199 or 2000 to 2699.
Enter deny or permit to specify whether to deny or permit the packet if the conditions are matched.
Enter remark to specify a comment string.
The source is the number of the network or host from which the packet is sent.
The source-wildcard applies wildcard bits to the source.
The destination is the number of the network or host to which the packet is sent.
The destination-wildcard applies wildcard bits to the destination.
Source, source-wildcard, destination, and destination-wildcard can be specified as:
- The 32-bit quantity in dotted-decimal format.
- The keyword any for 0.0.0.0 255.255.255.255 (any host).
- The keyword host followed by an address for a single host (equivalent to a 0.0.0.0 wildcard).
As the example below shows, a protocol keyword (here tcp) follows deny or permit, and an eq port test can follow an address.
Note: Although visible in the command-line help, the log keyword is not supported.

Step 3
Command: end
Purpose: Return to privileged EXEC mode.

Step 4
Command: show access-lists [number | name]
Purpose: Verify the access list configuration.

Step 5
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

Use the no access-list access-list-number global configuration command to delete the entire access list. You cannot delete individual ACEs from numbered access lists.

This example shows how to create and display an extended access list that denies Telnet access from any host in network 171.69.198.0 to any host in network 172.20.52.0 and permits all other TCP traffic. (The eq keyword after the destination address means to test for the TCP destination port number equaling Telnet.) Note that the second entry matches only TCP: every ACL ends with an implicit deny, so packets of any other protocol that are checked against this list are dropped.

Switch(config)# access-list 102 deny tcp 171.69.198.0 0.0.0.255 172.20.52.0 0.0.0.255 eq telnet
Switch(config)# access-list 102 permit tcp any any
Switch(config)# end
Switch# show access-lists
Extended IP access list 102
    10 deny tcp 171.69.198.0 0.0.0.255 172.20.52.0 0.0.0.255 eq telnet
    20 permit tcp any any

After an ACL is created, any additions (possibly entered from the terminal) are placed at the end of the list. You cannot selectively add or remove access list entries from a numbered access list.
OL-19808-01
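The following is an added example and is not code from the Cisco guide: a small Python model of how the switch evaluates an extended numbered ACL, written so the semantics described above can be checked offline before a list is applied. It parses access-list lines in the syntax shown on this page (permit/deny/remark, any, host, address plus wildcard, an eq port test, the ignored log keyword), assigns sequence numbers 10, 20, ... in entry order as show access-lists displays them, applies first-match evaluation, and ends with the implicit deny. The port-name table and the test packets are constructed for the example; the function and class names are the example's own.

```python
"""Model of IOS-style extended numbered ACL evaluation (added example, not Cisco code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed subset of the port names IOS accepts after "eq".
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "domain": 53}


@dataclass
class ACE:
    seq: int
    action: str              # "permit" or "deny"
    proto: str               # "ip" matches every protocol; otherwise "tcp", "udp", "icmp", ...
    src: int
    src_wc: int              # wildcard: 1 bits are "don't care"
    dst: int
    dst_wc: int
    src_port: Optional[int]  # from "eq <port>" after the source address; None = any port
    dst_port: Optional[int]  # from "eq <port>" after the destination address


def is_extended_number(n: int) -> bool:
    """Numbered extended IPv4 ACLs use 100-199 or 2000-2699."""
    return 100 <= n <= 199 or 2000 <= n <= 2699


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def _addr_spec(tokens: List[str]) -> Tuple[int, int]:
    """Consume 'any' | 'host A' | 'A WILDCARD' and return (address, wildcard)."""
    t = tokens.pop(0)
    if t == "any":                      # any == 0.0.0.0 255.255.255.255
        return 0, 0xFFFFFFFF
    if t == "host":                     # host A == A 0.0.0.0
        return _ip(tokens.pop(0)), 0
    return _ip(t), _ip(tokens.pop(0))


def _port_spec(tokens: List[str]) -> Optional[int]:
    """Consume an optional 'eq <port>'; other operators (gt, lt, range) are not modelled."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        p = tokens.pop(0)
        return PORT_NAMES[p] if p in PORT_NAMES else int(p)
    return None


def parse_ace(line: str, seq: int) -> Optional[ACE]:
    """Parse one 'access-list <n> {permit|deny|remark} proto src dst' line; remarks yield None."""
    tok = line.split()
    if tok[0] != "access-list" or not is_extended_number(int(tok[1])):
        raise ValueError(f"not an extended access-list command: {line!r}")
    action = tok[2]
    if action == "remark":
        return None
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action {action!r}")
    rest = tok[4:]
    src, src_wc = _addr_spec(rest)
    sport = _port_spec(rest)
    dst, dst_wc = _addr_spec(rest)
    dport = _port_spec(rest)
    if rest and rest != ["log"]:        # the page says log is accepted by help but not supported
        raise ValueError(f"unparsed trailing tokens {rest}")
    return ACE(seq, action, tok[3], src, src_wc, dst, dst_wc, sport, dport)


def build_acl(lines: List[str]) -> List[ACE]:
    """Entries get sequence numbers 10, 20, ... in entry order; later additions go at the end."""
    acl: List[ACE] = []
    for line in lines:
        ace = parse_ace(line, 10 * (len(acl) + 1))
        if ace is not None:
            acl.append(ace)
    return acl


def _match(addr: int, ace_addr: int, wc: int) -> bool:
    """Wildcard comparison: bits set in the wildcard are ignored."""
    return ((addr ^ ace_addr) & ~wc & 0xFFFFFFFF) == 0


def evaluate(acl: List[ACE], proto: str, src: str, dst: str,
             sport: Optional[int] = None, dport: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """First-match evaluation. Returns (action, seq); seq None means the implicit deny fired."""
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if not (_match(_ip(src), ace.src, ace.src_wc) and _match(_ip(dst), ace.dst, ace.dst_wc)):
            continue
        if ace.src_port is not None and ace.src_port != sport:
            continue
        if ace.dst_port is not None and ace.dst_port != dport:
            continue
        return ace.action, ace.seq
    return "deny", None


# The two entries from the page's example, in the order they were typed.
PAGE_LINES = [
    "access-list 102 deny tcp 171.69.198.0 0.0.0.255 172.20.52.0 0.0.0.255 eq telnet",
    "access-list 102 permit tcp any any",
]
PAGE_ACL = build_acl(PAGE_LINES)


def appended_permit_does_not_override() -> bool:
    """A permit typed later lands at the end, so the earlier deny for the same flow still wins."""
    acl = build_acl(PAGE_LINES + ["access-list 102 permit tcp 171.69.198.0 0.0.0.255 any eq telnet"])
    return evaluate(acl, "tcp", "171.69.198.5", "172.20.52.9", dport=23) == ("deny", 10)


if __name__ == "__main__":
    # Constructed test packets: (proto, src, dst, dport)
    for pkt in [("tcp", "171.69.198.5", "172.20.52.9", 23), ("tcp", "171.69.198.5", "172.20.52.9", 22),
                ("udp", "10.0.0.1", "172.20.52.9", 53), ("icmp", "171.69.198.5", "172.20.52.9", None)]:
        print(pkt, "->", evaluate(PAGE_ACL, pkt[0], pkt[1], pkt[2], dport=pkt[3]))
    print("appended permit overrides earlier deny:", not appended_permit_does_not_override())
```

Running it shows the two points the page's prose only states: the UDP and ICMP packets are denied even though the list "permits any others", because only TCP is permitted before the implicit deny, and a permit appended later never overrides an earlier deny, which is why a numbered ACL that needs a new entry in the middle has to be deleted and re-entered.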
Catalyst 2360 Switch Software Configuration Guide
Configuring IPv4 ACLs
24-7