
Cisco Catalyst 3750-X User Manual

Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 37 Configuring Network Security with ACLs
Configuring IPv4 ACLs
Named ACLs
This example creates a standard ACL named Internet_filter and an extended ACL named
marketing_group. The Internet_filter ACL allows all traffic from the source address 1.2.3.4.
Switch(config)# ip access-list standard Internet_filter
Switch(config-std-nacl)# permit 1.2.3.4
Switch(config-std-nacl)# exit
The marketing_group ACL allows any TCP Telnet traffic to the destination address and wildcard
171.69.0.0 0.0.255.255 and denies any other TCP traffic. It permits ICMP traffic, denies UDP traffic
from any source to the destination address range 171.69.0.0 through 171.69.255.255 with a destination
port less than 1024, denies any other IP traffic, and logs the packets that match that final deny entry.
Switch(config)# ip access-list extended marketing_group
Switch(config-ext-nacl)# permit tcp any 171.69.0.0 0.0.255.255 eq telnet
Switch(config-ext-nacl)# deny tcp any any
Switch(config-ext-nacl)# permit icmp any any
Switch(config-ext-nacl)# deny udp any 171.69.0.0 0.0.255.255 lt 1024
Switch(config-ext-nacl)# deny ip any any log
Switch(config-ext-nacl)# exit
The Internet_filter ACL is applied to outgoing traffic and the marketing_group ACL is applied to
incoming traffic on a Layer 3 port.
Switch(config)# interface gigabitethernet3/0/2
Switch(config-if)# no switchport
Switch(config-if)# ip address 2.0.5.1 255.255.255.0
Switch(config-if)# ip access-group Internet_filter out
Switch(config-if)# ip access-group marketing_group in
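The following Python model is an added example, not part of the Cisco guide. It evaluates the marketing_group entries above in order, using first-match semantics and wildcard-mask comparison, so the effect of the entry order can be checked against sample packets. The function names and sample packets are constructed for illustration; only the destination is modeled because every entry uses any as the source.

```python
import ipaddress

# The marketing_group entries from the example above, in configured order.
# Fields: action, protocol, destination base, destination wildcard, port test, log flag.
# Assumption: source matching is omitted because every entry uses "any" as the source.
MARKETING_GROUP = [
    ("permit", "tcp",  "171.69.0.0", "0.0.255.255", ("eq", 23),   False),  # eq telnet
    ("deny",   "tcp",  None,         None,          None,         False),
    ("permit", "icmp", None,         None,          None,         False),
    ("deny",   "udp",  "171.69.0.0", "0.0.255.255", ("lt", 1024), False),
    ("deny",   "ip",   None,         None,          None,         True),
]

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base address."""
    if base is None:  # "any"
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def port_match(test, port):
    """Apply an eq/lt destination-port test; entries without a test match any port."""
    if test is None:
        return True
    if port is None:
        return False
    op, value = test
    return port == value if op == "eq" else port < value

def evaluate(acl, proto, dst, dport=None):
    """Return (action, entry_number, logged) for the first entry that matches."""
    for n, (action, p, base, wc, ptest, log) in enumerate(acl, start=1):
        if p not in ("ip", proto):  # "ip" matches every IP protocol
            continue
        if wildcard_match(dst, base, wc) and port_match(ptest, dport):
            return action, n, log
    return "deny", None, False  # implicit deny at the end of every ACL

if __name__ == "__main__":
    samples = [  # constructed packets: (protocol, destination, destination port)
        ("tcp", "171.69.12.7", 23), ("tcp", "171.69.12.7", 80),
        ("tcp", "171.70.0.1", 23), ("icmp", "10.1.1.1", None),
        ("udp", "171.69.255.255", 53), ("udp", "171.69.0.9", 5000),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(MARKETING_GROUP, *pkt))
```

UDP traffic to ports 1024 and above is not matched by the UDP entry, so it falls through to the final deny ip any any log entry and is both dropped and logged.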
Time Range Applied to an IP ACL
This example denies HTTP traffic on IP on Monday through Friday between the hours of 8:00 a.m. and
6:00 p.m. (18:00). The example allows UDP traffic only on Saturday and Sunday from noon to 8:00 p.m.
(20:00).
Switch(config)# time-range no-http
Switch(config-time-range)# periodic weekdays 8:00 to 18:00
!
Switch(config)# time-range udp-yes
Switch(config-time-range)# periodic weekend 12:00 to 20:00
!
Switch(config)# ip access-list extended strict
Switch(config-ext-nacl)# deny tcp any any eq www time-range no-http
Switch(config-ext-nacl)# permit udp any any time-range udp-yes
!
Switch(config-ext-nacl)# exit
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# ip access-group strict in
Commented IP ACL Entries
In this example of a numbered ACL, the workstation that belongs to Jones is allowed access, and the
workstation that belongs to Smith is not allowed access:
Switch(config)# access-list 1 remark Permit only Jones workstation through
Switch(config)# access-list 1 permit 171.69.2.88
Switch(config)# access-list 1 remark Do not allow Smith workstation through
Switch(config)# access-list 1 deny 171.69.3.13
