Examples for Compiling ACLs – IBM 12.1(22)EA6 User Manual

Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide

24R9746

Chapter 22 Configuring Network Security with ACLs

Examples for Compiling ACLs

interface GigabitEthernet0/17

ip access-group 11 in

snmp trap link-status

no cdp enable

end!

Examples for Compiling ACLs

For detailed information about compiling ACLs, see the Security Configuration Guide and the “IP
Services” chapter of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1.

Figure 22-2 shows a small networked office with a number of switches that are connected to a Cisco router. A host is connected to the network through the Internet using a WAN link.

Use switch ACLs to do the following:

- Create a standard ACL, and filter traffic from a specific Internet host with an address 172.20.128.64.

- Create an extended ACL, and filter traffic to deny HTTP access to all Internet hosts but allow all other types of access.

Figure 22-2 Using Switch ACLs to Control Traffic

This example uses a standard ACL to allow access to a specific Internet host with the address
172.20.128.64.

Switch(config)# access-list 6 permit 172.20.128.64 0.0.0.0

Switch(config)# interface gigabitethernet0/17

Switch(config-if)# ip access-group 6 in

This example uses an extended ACL to deny TCP traffic destined for port 80 (HTTP). It permits all other types of traffic.

Switch(config)# access-list 106 deny tcp any any eq 80

Switch(config)# access-list 106 permit ip any any

Switch(config)# interface gigabitethernet0/20

Switch(config-if)# ip access-group 106 in
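
The first-match behaviour of the two ACLs above can be checked with a small model. This is an added example, not code from the Cisco guide: the function names are hypothetical, the packet addresses used to exercise it are constructed, and only the syntax used on this page is handled (numbered ACLs 1-99 and 100-199, "any", "host", wildcard masks, and "eq" on the destination port).

```python
import ipaddress

# Constructed from the two examples on this page.
ACL_6 = ["access-list 6 permit 172.20.128.64 0.0.0.0"]
ACL_106 = ["access-list 106 deny tcp any any eq 80",
           "access-list 106 permit ip any any"]
ANY = (0, 0xFFFFFFFF)

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume 'any', 'host A' or 'A [WILDCARD]'; return (address, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return _ip(tok.pop(0)), 0
    # A bare address in a standard ACL means wildcard 0.0.0.0 (exact match).
    wild = _ip(tok.pop(0)) if tok and tok[0][0].isdigit() else 0
    return _ip(first), wild

def parse(line):
    tok = line.split()[1:]                      # drop the 'access-list' keyword
    num, action = int(tok.pop(0)), tok.pop(0)
    rule = {"permit": action == "permit", "proto": "ip", "dst": ANY, "port": None}
    if num >= 100:                              # extended: protocol, source, destination
        rule["proto"] = tok.pop(0)
        rule["src"], rule["dst"] = _addr(tok), _addr(tok)
        if tok[:1] == ["eq"]:                   # 'eq' after the destination = destination port
            rule["port"] = int(tok[1])
    else:                                       # standard: source address only
        rule["src"] = _addr(tok)
    return rule

def _hit(spec, ip):
    addr, wild = spec
    return (_ip(ip) | wild) == (addr | wild)    # wildcard bits set to 1 are ignored

def evaluate(acl, src, dst, proto="ip", dport=None):
    """Return the action of the first matching entry (first-match semantics)."""
    for rule in map(parse, acl):
        if rule["proto"] not in ("ip", proto):
            continue
        if rule["port"] is not None and rule["port"] != dport:
            continue
        if _hit(rule["src"], src) and _hit(rule["dst"], dst):
            return "permit" if rule["permit"] else "deny"
    return "deny (implicit)"                    # no entry matched: implicit deny at the end
```

Because every ACL ends with an implicit deny, ACL 6 applied inbound drops traffic from every source other than 172.20.128.64, and ACL 106 needs its final permit entry to let non-HTTP traffic through.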

[Figure 22-2 labels: BladeCenter (×3), Cisco router, Workstation, Internet]