Including Comments In Acls; Applying An Ipv4 Acl To A Terminal Line - Cisco 3020 - Catalyst Blade Switch Configuration Manual

Cisco catalyst blade switch 3020 for hp software configuration guide, rel. 12.2(25)sef1
Chapter 26
Configuring Network Security with ACLs

Including Comments in ACLs

You can use the remark keyword to include comments (remarks) about entries in any IP standard or
extended ACL. The remarks make the ACL easier for you to understand and scan. Each remark line is
limited to 100 characters.
The remark can go before or after a permit or deny statement. You should be consistent about where you
put the remark so that it is clear which remark describes which permit or deny statement. For example,
it would be confusing to have some remarks before the associated permit or deny statements and some
remarks after the associated statements.
To include a comment for IP numbered standard or extended ACLs, use the access-list access-list-number
remark remark global configuration command. To remove the remark, use the no form of this command.
In this example, the server that belongs to Jones is allowed access, and the workstation that belongs to
Smith is not allowed access:
Switch(config)# access-list 1 remark Permit only Jones server through
Switch(config)# access-list 1 permit 171.69.2.88
Switch(config)# access-list 1 remark Do not allow Smith server through
Switch(config)# access-list 1 deny 171.69.3.13
For an entry in a named IP ACL, use the remark access-list configuration command. To remove the
remark, use the no form of this command.
In this example, the Jones host is not allowed to use outbound Telnet:
Switch(config)# ip access-list extended telnetting
Switch(config-ext-nacl)# remark Do not allow Jones subnet to telnet out
Switch(config-ext-nacl)# deny tcp host 171.69.2.88 any eq telnet
Remarks are not access control entries and do not affect matching. Both examples above end in the implicit deny that closes every IP ACL, so traffic that should pass still needs an explicit permit entry before the ACL is applied.

Applying an IPv4 ACL to a Terminal Line

You can use numbered ACLs to control access to one or more terminal lines. You cannot apply named
ACLs to lines. You must set identical restrictions on all the virtual terminal lines because a user can
attempt to connect to any of them.
For procedures for applying ACLs to interfaces, see the "Applying an IPv4 ACL to an Interface" section
on page 26-18. For applying ACLs to VLANs, see the "Configuring VLAN Maps" section on page 26-23.
Beginning in privileged EXEC mode, follow these steps to restrict incoming and outgoing connections
between a virtual terminal line and the addresses in an ACL:

Step 1  configure terminal
        Enter global configuration mode.
Step 2  line [console | vty] line-number
        Identify a specific line to configure, and enter line configuration mode.
        console—Specify the console terminal line. The console port is DCE.
        vty—Specify a virtual terminal for remote console access.
        The line-number is the first line number in a contiguous group that you want to configure when
        the line type is specified. The range is from 0 to 16.
Step 3  access-class access-list-number {in | out}
        Restrict incoming and outgoing connections between a particular virtual terminal line (into a
        device) and the addresses in an access list.

OL-8915-01    26-17
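The constraints stated on this page are easy to violate in a hand-edited configuration: every vty line must carry the same restriction, only numbered ACLs can be applied to lines with access-class, and each remark is limited to 100 characters. The following Python script is an added example for both the remark section and the terminal-line procedure above; it is not Cisco's code and does not come from the guide. It parses an IOS-style running configuration (the two sample configurations are constructed for this example) and reports vty lines with no inbound access-class, vty ranges that reference different ACLs, access-class entries that reference a named ACL, and remarks over the limit. It assumes the usual IOS text layout, in which top-level commands start at column 0 and line-mode subcommands are indented.

```python
"""Audit an IOS-style configuration against the terminal-line ACL rules on this
page: one identical inbound access-class on every vty line, numbered ACLs only
for access-class, and remark text of at most 100 characters.
"""
import re
from typing import Dict, Iterator, List, Optional, Tuple

REMARK_MAX = 100  # each remark line is limited to 100 characters

# Top-level "line" command: line type, first line number, optional last line number.
LINE_RE = re.compile(r"^line\s+(vty|console|con)\s+(\d+)(?:\s+(\d+))?\s*$")
# Line-mode subcommand applying an ACL to the line in one direction.
ACCESS_CLASS_RE = re.compile(r"^access-class\s+(\S+)\s+(in|out)\b")
# Remark forms for numbered ACLs (global command) and named ACLs (ACL subcommand).
NUM_REMARK_RE = re.compile(r"^access-list\s+\d+\s+remark\s+(.*)$")
NAMED_REMARK_RE = re.compile(r"^remark\s+(.*)$")

# Constructed sample: vty 0-4 and vty 5-15 are restricted by different ACLs,
# and the second one is a named ACL, which cannot be applied to a line.
SAMPLE_CONFIG = """\
access-list 10 remark Permit only the management subnet to reach the vty lines
access-list 10 permit 171.69.2.0 0.0.0.255
access-list 10 deny any log
!
ip access-list extended telnetting
 remark Do not allow Jones subnet to telnet out
 deny tcp host 171.69.2.88 any eq telnet
!
line con 0
line vty 0 4
 access-class 10 in
line vty 5 15
 access-class MGMT in
"""

# Constructed sample that follows the rules: the same numbered ACL on every vty line.
FIXED_CONFIG = """\
access-list 10 remark Permit only the management subnet to reach the vty lines
access-list 10 permit 171.69.2.0 0.0.0.255
access-list 10 deny any log
!
line vty 0 4
 access-class 10 in
line vty 5 15
 access-class 10 in
"""


def _sections(config_text: str) -> Iterator[Tuple[str, List[str]]]:
    """Yield (header, body) for each top-level block. Indented lines belong to
    the most recent top-level command; blank lines and '!' separators are skipped."""
    header: Optional[str] = None
    body: List[str] = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace():
            body.append(raw.strip())
        else:
            if header is not None:
                yield header, body
            header, body = raw.strip(), []
    if header is not None:
        yield header, body


def vty_inbound_access_class(config_text: str) -> Dict[int, Optional[str]]:
    """Map every vty line number declared in the config to the ACL named by its
    inbound access-class, or None when the line has no inbound access-class.
    Outbound (access-class ... out) entries do not protect the line and are ignored."""
    result: Dict[int, Optional[str]] = {}
    for header, body in _sections(config_text):
        m = LINE_RE.match(header)
        if not m or m.group(1) != "vty":
            continue
        first = int(m.group(2))
        last = int(m.group(3)) if m.group(3) else first
        for n in range(first, last + 1):
            result.setdefault(n, None)
        for cmd in body:
            ac = ACCESS_CLASS_RE.match(cmd)
            if ac and ac.group(2) == "in":
                for n in range(first, last + 1):
                    result[n] = ac.group(1)
    return result


def audit(config_text: str) -> List[str]:
    """Return findings as plain strings; an empty list means the config follows the rules."""
    findings: List[str] = []
    per_line = vty_inbound_access_class(config_text)

    unprotected = sorted(n for n, acl in per_line.items() if acl is None)
    if unprotected:
        findings.append(f"vty lines without an inbound access-class: {unprotected}")

    distinct = {acl for acl in per_line.values() if acl is not None}
    if len(distinct) > 1:  # the page requires identical restrictions on all vty lines
        findings.append(f"vty lines do not share one inbound ACL: {sorted(distinct)}")
    for acl in sorted(distinct):
        if not acl.isdigit():  # named ACLs cannot be applied to lines on this platform
            findings.append(f"access-class references named ACL '{acl}'; only numbered ACLs can be applied to lines")

    for header, body in _sections(config_text):
        remarks: List[str] = []
        m = NUM_REMARK_RE.match(header)
        if m:
            remarks.append(m.group(1))
        if header.startswith("ip access-list"):
            remarks.extend(r.group(1) for r in map(NAMED_REMARK_RE.match, body) if r)
        for text in remarks:
            if len(text) > REMARK_MAX:
                findings.append(f"remark exceeds {REMARK_MAX} characters: '{text[:40]}...'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("SAMPLE_CONFIG", SAMPLE_CONFIG), ("FIXED_CONFIG", FIXED_CONFIG)):
        print(name, audit(cfg) or ["ok"])
```

Run against SAMPLE_CONFIG the audit reports two findings (mixed ACLs across the vty ranges, and a named ACL in access-class); FIXED_CONFIG produces none. Feeding it the output of show running-config from a switch turns the "identical restrictions on all vty lines" rule into a repeatable check rather than a visual one.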
