Acl Troubleshooting; Monitor And Debug Command List - Digitalchina Networks DCS-3950 series Manual

Switch #show access-group
interface name:Ethernet0/0/10
MAC Ingress access-list used is 1100.
Scenario 3:
The user has the following configuration requirement: port 1/10 of the switch connects to
the 00-12-11-23-XX-XX MAC segment, whose IP addresses are in the 10.0.0.0/24 segment, and
FTP should not be permitted for these users.
Configuration description:
a) Create a proper ACL
b) Configure the packet filtering function
c) Bind the ACL to the port
The configuration steps are listed below:
Switch(Config)#access-list 3110 deny 00-12-11-23-00-00 00-00-00-00-FF-FF any-destination-mac tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
Switch(Config)#firewall enable
Switch(Config)#firewall default permit
Switch(Config)#interface ethernet 0/0/10
Switch(Config-Ethernet0/0/10)#mac-ip access-group 3110 in
Switch(Config-Ethernet0/0/10)#exit
Switch(Config)#exit
Configuration result:
Switch#show firewall
Firewall is enabled.
Firewall default rule is to permit any packet.
Switch#show access-lists
access-list 3110(used 1 time(s))
access-list 3110 deny 00-12-11-23-00-00 00-00-00-00-FF-FF any-destination-mac tcp
10.0.0.0 0.0.0.255 any-destination d-port 21
Switch #show access-group
interface name:Ethernet0/0/10
MAC-IP Ingress access-list used is 3110.
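
To check which traffic the rule in Scenario 3 actually selects, the following added example (not from the manual) models ACL 3110 in Python. It assumes mask bits set to 1 are ignored, as the manual's 00-12-11-23-XX-XX and 10.0.0.0/24 descriptions imply; the function names and sample frames are constructed for illustration.

```python
# Added illustration, not from the manual: a model of ACL 3110 matching.
# Assumption: mask bits set to 1 are "don't care" (wildcard) bits.
import ipaddress

def mac_to_int(mac):
    return int(mac.replace("-", ""), 16)

def ip_to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def wildcard_match(value, base, mask):
    # Compare only the bits that the mask does not wildcard.
    return (value & ~mask) == (base & ~mask)

RULE_3110 = {
    "action": "deny",
    "smac": (mac_to_int("00-12-11-23-00-00"), mac_to_int("00-00-00-00-FF-FF")),
    "sip": (ip_to_int("10.0.0.0"), ip_to_int("0.0.0.255")),
    "proto": "tcp",
    "dport": 21,
}
DEFAULT_ACTION = "permit"  # from "firewall default permit"

def frame(smac, sip, dport, proto="tcp"):
    return {"smac": smac, "sip": sip, "dport": dport, "proto": proto}

def evaluate(f, rule=RULE_3110):
    """Return the action for one ingress frame on Ethernet0/0/10."""
    hit = (wildcard_match(mac_to_int(f["smac"]), *rule["smac"])
           and wildcard_match(ip_to_int(f["sip"]), *rule["sip"])
           and f["proto"] == rule["proto"]
           and f["dport"] == rule["dport"])
    return rule["action"] if hit else DEFAULT_ACTION

# Constructed sample frames (not captured traffic).
SAMPLES = {
    "FTP control, MAC and IP in scope": frame("00-12-11-23-0A-01", "10.0.0.5", 21),
    "HTTP from the same host": frame("00-12-11-23-0A-01", "10.0.0.5", 80),
    "FTP, MAC outside masked range": frame("00-12-11-24-0A-01", "10.0.0.5", 21),
    "FTP, IP outside 10.0.0.0/24": frame("00-12-11-23-0A-01", "10.0.1.5", 21),
    "FTP server on TCP port 2121": frame("00-12-11-23-0A-01", "10.0.0.5", 2121),
}

def run_samples():
    return {label: evaluate(f) for label, f in SAMPLES.items()}

if __name__ == "__main__":
    for label, action in run_samples().items():
        print(f"{action:6} {label}")
```

Only frames that match all four fields are denied; everything else, including FTP to a port other than 21, falls through to the default permit.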

15.5 ACL Troubleshooting

15.5.1 Monitor and Debug Command List

15.5.1.1 show access-lists
DCS-3950 series Ethernet switch manual