Applying the ACL to an Interface or Terminal Line - Cisco Catalyst 2950 Software Manual

Desktop switch software configuration guide

Chapter 12
Configuring Network Security with ACLs

Applying the ACL to an Interface or Terminal Line

After you create an ACL, you can apply it to one or more interfaces or terminal lines. ACLs can be
applied on inbound interfaces. This section describes how to accomplish this task for both terminal lines
and network interfaces. Note these guidelines:

• When controlling access to a line, you must use a number. Numbered ACLs and MAC extended
  ACLs can be applied to lines.
• When controlling access to an interface, you can use a name or number.
• Set identical restrictions on all the virtual terminal lines because a user can attempt to connect to
  any of them.
• If you apply an ACL to a Layer-3 interface, the ACL only filters packets that are intended for the
  CPU, such as SNMP, Telnet or Web traffic.

Beginning in privileged EXEC mode, follow these steps to restrict incoming connections between a
virtual terminal line and the addresses in an ACL:

Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.

Step 2
  Command: line [console | vty] line-number
  Purpose: Identify a specific line for configuration, and enter in-line configuration mode.
           Enter console for the console terminal line. The console port is DCE.
           Enter vty for a virtual terminal for remote console access.
           The line-number is the first line number in a contiguous group that you want
           to configure when the line type is specified. The range is from 0 to 16.

Step 3
  Command: access-class access-list-number {in}
  Purpose: Restrict incoming and outgoing connections between a particular virtual
           terminal line (into a device) and the addresses in an access list.

Step 4
  Command: end
  Purpose: Return to privileged EXEC mode.

Step 5
  Command: show running-config
  Purpose: Display the access list configuration.

Step 6
  Command: copy running-config startup-config
  Purpose: (Optional) Save your entries in the configuration file.

Beginning in privileged EXEC mode, follow these steps to control access to a Layer 2 or Layer 3
interface:

Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.

Step 2
  Command: interface interface-id
  Purpose: Identify a specific interface for configuration and enter interface
           configuration mode.
           The interface must be a Layer 2 or Layer 3 interface or a management
           interface VLAN ID.

Step 3
  Command: ip access-group {access-list-number | name} {in}
  Purpose: Control access to the specified interface.

Step 4
  Command: end
  Purpose: Return to privileged EXEC mode.

78-11380-03
Catalyst 2950 Desktop Switch Software Configuration Guide
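
The guideline on setting identical restrictions on all the virtual terminal lines can be checked offline against a saved copy of the configuration. The Python script below is an added example, not part of the Cisco manual: the sample configuration and the function names are constructed for illustration, and it assumes the saved configuration lists vty sections as "line vty first [last]" with an indented "access-class number in" beneath them.

```python
import re

# Constructed sample running-config excerpt (not taken from the manual).
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
!
line con 0
line vty 0 4
 access-class 10 in
 login
line vty 5 15
 login
!
end
"""

LINE_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")
ACL_RE = re.compile(r"^\s+access-class (\d+) in\s*$")


def vty_access_classes(config):
    """Map each vty line number to its inbound access-class number, or None."""
    result = {}
    current = []  # vty line numbers covered by the section being read
    for raw in config.splitlines():
        header = LINE_RE.match(raw)
        if header:
            first = int(header.group(1))
            last = int(header.group(2) or first)
            current = list(range(first, last + 1))
            for n in current:
                result.setdefault(n, None)
        elif not raw.startswith(" "):
            current = []  # any other top-level command closes the vty section
        else:
            acl = ACL_RE.match(raw)
            if acl:
                for n in current:
                    result[n] = int(acl.group(1))
    return result


def audit_vty(config):
    """Return (vty lines with no access-class, distinct ACL numbers in use)."""
    acls = vty_access_classes(config)
    unprotected = sorted(n for n, a in acls.items() if a is None)
    distinct = sorted({a for a in acls.values() if a is not None})
    return unprotected, distinct
```

A configuration follows the guideline when audit_vty returns an empty first list and exactly one ACL number in the second; for the sample above, vty lines 5 through 15 are reported as having no access-class.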