Allied Telesis AT-9000/12POE Switch User Manual


Chapter 73: Advanced Access Control Lists (ACLs)
Assigning MAC ACLs to VTY Lines
This example creates two MAC ACLs. The first MAC ACL created, with an
ID of 4000, permits IP address 10.0.0.5 full access to the switch. The
second MAC ACL has an ID of 4001 and denies all IP addresses access
to the switch. Both MAC ACLs are assigned to all ten VTY lines with the
ACCESS-CLASS command in the order that the ACLs were created. The
result of this example is that only IP address 10.0.0.5 has remote access
to the switch. See Table 137.
Note
MAC ACLs are specified with an ACL ID number within the 4000 to
4699 range.
Table 136. Assigning Numbered IP ACLs to VTY Lines Example (Continued)

| Command | Description |
|---|---|
| awplus(config)# access-list 3000 permit ip host 10.0.0.3 host 10.0.0.20 | Creates an ACL with an ID number of 3000 that allows IP address 10.0.0.3 full access to the switch. |
| awplus(config)# access-list 3001 deny ip any host 10.0.0.20 | Creates an ACL with an ID number of 3001 that denies all IP addresses access to the switch. |
| awplus(config)# line vty 0 9 | Access the LINE VTY mode for lines 0 through 9. |
| awplus(config-line)# access-class 3000 | Assigns ACL 3000 to VTY lines 0 through 9. |
| awplus(config-line)# access-class 3001 | Assigns ACL 3001 to VTY lines 0 through 9. |
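
The following check is an added example, not part of the manual or of Allied Telesis software. It parses the Table 136 commands and confirms that only 10.0.0.3 is permitted on the VTY lines, and it flags a configuration whose last assigned ACL is not a deny for any source. Assumptions: the saved-configuration layout in SAMPLE_CONFIG, one rule per numbered ACL, and first-match evaluation in the order the ACLs were assigned.

```python
import ipaddress
import re

# Constructed sample: the Table 136 commands laid out as a saved
# configuration might show them (the layout is an assumption).
SAMPLE_CONFIG = """\
access-list 3000 permit ip host 10.0.0.3 host 10.0.0.20
access-list 3001 deny ip any host 10.0.0.20
line vty 0 9
 access-class 3000
 access-class 3001
"""

ACL_RE = re.compile(r"access-list (\d+) (permit|deny) ip (?:host )?(\S+) (?:host )?(\S+)")

def parse(config):
    """Return ({acl_id: (action, src, dst)}, [ACL ids on the VTY lines, in order])."""
    acls, vty_acls, in_vty = {}, [], False
    for line in (raw.strip() for raw in config.splitlines()):
        m = ACL_RE.fullmatch(line)
        if m:
            acls[int(m[1])] = (m[2], m[3], m[4])
            in_vty = False
        elif line.startswith("line vty"):
            in_vty = True
        elif in_vty and line.startswith("access-class "):
            vty_acls.append(int(line.split()[1]))
        else:
            in_vty = False
    return acls, vty_acls

def matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(spec) == ipaddress.ip_address(addr)

def decide(acls, vty_acls, src, dst):
    """First matching ACL wins (assumed evaluation model, see lead-in)."""
    for acl_id in vty_acls:
        if acl_id not in acls:
            continue  # undefined ACLs are reported by audit()
        action, s, d = acls[acl_id]
        if matches(s, src) and matches(d, dst):
            return action
    return "no-match"

def audit(acls, vty_acls):
    """List problems that would leave remote management wider than intended."""
    findings = [f"ACL {i} is assigned but not defined" for i in vty_acls if i not in acls]
    if not vty_acls:
        findings.append("no access-class on the VTY lines")
    elif acls.get(vty_acls[-1], ("", ""))[:2] != ("deny", "any"):
        findings.append("last ACL on the VTY lines is not a deny for any source")
    return findings
```
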

Table 137. Assigning MAC ACLs to VTY Lines Example

| Command | Description |
|---|---|
| awplus> enable | Enter the Privileged Executive mode from the User Executive mode. |
| awplus# configure terminal | Enter the Global Configuration mode. |
| awplus(config)# interface vlan10 | Enter the Port Interface mode for VLAN 10. |
| awplus(config_if)# ip address 10.0.0.20/24 | Assign VLAN 10 an IP address and subnet mask of 10.0.0.20/24. |
| awplus(config_if)# q | Quit the Port Interface mode. |