Cisco 2950G 24 - Catalyst Switch Software Configuration Manual page 506


Configuring ACLs

Catalyst 2950 Desktop Switch Software Configuration Guide, 78-14982-01, Chapter 25, Configuring Network Security with ACLs, page 25-14

Beginning in privileged EXEC mode, follow these steps to create a standard named access list using names:

Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: ip access-list standard {name | access-list-number}
Purpose: Define a standard IP access list by using a name, and enter access-list configuration mode.
Note: The name can be a number from 1 to 99.

Step 3
Command: deny {source source-wildcard | host source | any}
or
permit {source source-wildcard | host source | any}
Purpose: In access-list configuration mode, specify one or more conditions denied or permitted to determine if the packet is forwarded or dropped.
host source represents a source and source-wildcard of source 0.0.0.0.
any represents a source and source-wildcard of 0.0.0.0 255.255.255.255.
Note: The log option is not supported on the switches.

Step 4
Command: end
Purpose: Return to privileged EXEC mode.

Step 5
Command: show access-lists [number | name]
Purpose: Show the access list configuration.

Step 6
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

Beginning in privileged EXEC mode, follow these steps to create an extended named ACL using names:

Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: ip access-list extended {name | access-list-number}
Purpose: Define an extended IP access list by using a name, and enter access-list configuration mode.
Note: The name can be a number from 100 to 199.

Step 3
Command: {deny | permit} protocol {source source-wildcard | host source | any} [operator port] {destination destination-wildcard | host destination | any} [operator port] [dscp dscp-value] [time-range time-range-name]
Purpose: In access-list configuration mode, specify the conditions allowed or denied.
See the "Creating a Numbered Extended ACL" section on page 25-10 for definitions of protocols and other keywords.
host source represents a source and source-wildcard of source 0.0.0.0, and host destination represents a destination and destination-wildcard of destination 0.0.0.0.
any represents a source and source-wildcard or destination and destination-wildcard of 0.0.0.0 255.255.255.255.
dscp: Enter to match packets with any of the supported 13 DSCP values (0, 8, 10, 16, 18, 24, 26, 32, 34, 40, 46, 48, and 56), or use the question mark (?) to see a list of available values.
The time-range keyword is optional. For an explanation of this keyword, see the "Applying Time Ranges to ACLs" section on page 25-15.

Step 4
Command: end
Purpose: Return to privileged EXEC mode.
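
How the source forms in Step 3 of the standard named ACL procedure match a packet, as an added example that is not part of the Cisco guide: a Python model that expands host and any to the wildcard pairs given above, evaluates entries in order, and reports entries that can never match because an earlier, broader entry covers them. The function names and the 192.0.2.0/24 sample entries are constructed for illustration; first-match evaluation and the closing implicit deny are standard IOS ACL behaviour that this page does not spell out.

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_entry(line):
    """Parse 'deny|permit {source source-wildcard | host source | any}'."""
    action, *src = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in {line!r}")
    if src == ["any"]:                      # any = 0.0.0.0 255.255.255.255
        return action, 0, FULL
    if len(src) == 2 and src[0] == "host":  # host source = source 0.0.0.0
        return action, int(ipaddress.IPv4Address(src[1])), 0
    if len(src) == 2:
        return (action, int(ipaddress.IPv4Address(src[0])),
                int(ipaddress.IPv4Address(src[1])))
    raise ValueError(f"unsupported source form in {line!r}")

def matches(entry, src_ip):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    _, addr, wild = entry
    care = ~wild & FULL
    return (int(ipaddress.IPv4Address(src_ip)) & care) == (addr & care)

def evaluate(lines, src_ip):
    """First matching entry decides; no match falls to the IOS implicit deny."""
    for entry in map(parse_entry, lines):
        if matches(entry, src_ip):
            return entry[0]
    return "deny"

def shadowed(lines):
    """Return (earlier, later) line pairs where the later entry can never match."""
    entries = [parse_entry(l) for l in lines]
    found = []
    for j, (_, addr_b, wild_b) in enumerate(entries):
        for i in range(j):
            _, addr_a, wild_a = entries[i]
            care_a = ~wild_a & FULL
            # The earlier entry covers the later one if it tests no bit the later
            # one leaves free, and both agree on every bit the earlier one tests.
            if care_a & wild_b == 0 and (addr_a ^ addr_b) & care_a == 0:
                found.append((lines[i], lines[j]))
                break
    return found

# Constructed sample entries (documentation address range, not from the manual).
GOOD = ["deny host 192.0.2.10", "permit 192.0.2.0 0.0.0.255"]
BAD = ["permit 192.0.2.0 0.0.0.255", "deny host 192.0.2.10"]

if __name__ == "__main__":
    for name, acl in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, evaluate(acl, "192.0.2.10"), shadowed(acl))
```

In the BAD ordering the deny for 192.0.2.10 is reported as shadowed, because the /24 permit above it matches that host first.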


This manual is also suitable for:

Catalyst 2950
