Filter
Top Products
28-22
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
OL-10101-02
Chapter 28 Configuring Network Security with ACLs
Examples for Compiling ACLs
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is permit Any
Inbound access list is 13
<information truncated>
This example shows how to view all access groups configured for an interface:
Switch# show ip interface fastethernet0/9
FastEthernet0/9 is down, line protocol is down
Inbound access list is ip1
The only way to ensure that you can view all configured access groups under all circumstances is to use
the show running-config privileged EXEC command. To display the ACL configuration of a single
interface, use the show running-config interface interface-id command.
This example shows how to display the ACL configuration of Gigabit Ethernet interface 0/1:
Switch# show running-config interface gigabitethernet0/1
Building configuration...
Current configuration :112 bytes
!
interface GigabitEthernet0/1
ip access-group 11 in
snmp trap link-status
no cdp enable
end!
Examples for Compiling ACLs
For detailed information about compiling ACLs, see the Security Configuration Guide and the “IP
Services” chapter of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1.
Figure 28-2 shows a small networked office with a number of switches that are connected to a Cisco
router. A host is connected to the network through the Internet using a WAN link.
Use switch ACLs to do these:
• Create a standard ACL, and filter traffic from a specific Internet host with an address 172.20.128.64.
• Create an extended ACL, and filter traffic to deny HTTP access to all Internet hosts but allow all
other types of access.