Applying an IPv4 ACL to an Interface - Cisco Catalyst 2975 Software Configuration Manual

IOS Release 12.2(55)SE
Configuring IPv4 ACLs

Applying an IPv4 ACL to an Interface

Note these guidelines:

• Apply an ACL only to inbound Layer 2 ports.
• Apply an ACL to either inbound or outbound VLAN interfaces to filter packets that are intended for the CPU, such as SNMP, Telnet, or web traffic. IPv4 ACLs applied to VLAN interfaces provide switch management security by limiting access to a specific host in the network or to specific applications (SNMP, Telnet, SSH, and so on). ACLs attached to VLAN interfaces do not impact the hardware switching of packets on the VLAN.
• Apply an ACL to either outbound or inbound Layer 3 SVIs.
• When controlling access to an interface, you can use a named or numbered ACL.
• If you apply an ACL to a port that is a member of a VLAN, the port ACL takes precedence over an ACL applied to the VLAN interface.
• If you apply an ACL to a Layer 2 interface that is a member of a VLAN, the Layer 2 (port) ACL takes precedence over an input Layer 3 ACL applied to the VLAN interface. The port ACL always filters incoming packets received on the Layer 2 port.
• If you apply an ACL to a Layer 3 interface and routing is not enabled, the ACL only filters packets that are intended for the CPU, such as SNMP, Telnet, or web traffic. You do not have to enable routing to apply ACLs to Layer 2 interfaces.

Beginning in privileged EXEC mode, follow these steps to control access to an interface:

Step 1  Command: configure terminal
        Purpose: Enter global configuration mode.

Step 2  Command: interface interface-id
        Purpose: Identify a specific interface for configuration, and enter interface configuration mode. The interface can be a physical interface or a VLAN interface.

Step 3  Command: ip access-group {access-list-number | name} {in | out}
        Purpose: Control access to the specified interface. The out keyword is supported only for VLAN interfaces.

Step 4  Command: end
        Purpose: Return to privileged EXEC mode.

Step 5  Command: show running-config
        Purpose: Display the access list configuration.

Step 6  Command: copy running-config startup-config
        Purpose: (Optional) Save your entries in the configuration file.

To remove the specified access group, use the no ip access-group {access-list-number | name} {in | out} interface configuration command.

This example shows how to apply access list 2 to a port to filter packets entering the port:

Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# ip access-group 2 in

This example shows how to apply access list 3 to filter packets going to the CPU:

Switch(config)# interface vlan 1
Switch(config-if)# ip access-group 3 in

Catalyst 2975 Switch Software Configuration Guide, Chapter 31, Configuring Network Security with ACLs, page 31-18, OL-19720-02
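As an added example that is not part of the Cisco guide, the following Python check reads a running-config excerpt and applies the guidelines above before a change is saved: it flags an applied ACL that is not defined in the config, the out keyword on a non-VLAN interface, and a port ACL that takes precedence over the inbound ACL on the same VLAN's SVI. The running-config excerpt and the function names are constructed for this example.

```python
import re
SAMPLE_CONFIG = """\
! constructed running-config excerpt, not taken from the guide
access-list 3 permit host 10.1.1.50
interface GigabitEthernet1/0/1
 switchport access vlan 1
 ip access-group 2 in
interface GigabitEthernet1/0/2
 switchport access vlan 20
 ip access-group 3 out
interface Vlan1
 ip access-group 3 in
"""

def defined_acls(config):
    pat = re.compile(r"^(?:access-list (\d+) |ip access-list (?:standard|extended) (\S+))")
    return {m.group(1) or m.group(2) for m in map(pat.match, config.splitlines()) if m}

def parse_interfaces(config):
    # Map interface name -> {"vlan": access VLAN or None, "acls": [(acl, direction)]}.
    interfaces, current = {}, None
    for line in config.splitlines():
        head = re.match(r"^interface (\S+)", line)
        if head:
            current = head.group(1)
            interfaces[current] = {"vlan": None, "acls": []}
        elif current is None or not line.startswith(" "):
            current = None  # "!" or a global line ends the interface block
        elif m := re.match(r"^ switchport access vlan (\d+)", line):
            interfaces[current]["vlan"] = m.group(1)
        elif m := re.match(r"^ ip access-group (\S+) (in|out)", line):
            interfaces[current]["acls"].append((m.group(1), m.group(2)))
    return interfaces

def audit(config):
    # Findings: undefined ACL, out on a non-VLAN interface, port ACL overriding the SVI's inbound ACL.
    findings, svi_in = [], {}  # svi_in: VLAN id -> ACL applied inbound on its SVI
    interfaces, defined = parse_interfaces(config), defined_acls(config)
    for name, info in interfaces.items():
        for acl, direction in info["acls"]:
            if acl not in defined:
                findings.append(f"{name}: ACL {acl} applied {direction} but not defined")
            if direction == "out" and not name.startswith("Vlan"):
                findings.append(f"{name}: out is supported only for VLAN interfaces")
            if direction == "in" and name.startswith("Vlan"):
                svi_in[name[4:]] = acl
    for name, info in interfaces.items():
        if info["vlan"] in svi_in and any(d == "in" for _, d in info["acls"]):
            findings.append(f"{name}: port ACL takes precedence over Vlan{info['vlan']} inbound ACL {svi_in[info['vlan']]}")
    return findings
```

Run audit() on the output of show running-config; an empty list means none of the three conditions was found.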
