Configuration Guide Configuring ACL
in: Indicates that this ACL controls incoming IP packets of the interface.
out: Indicates that this ACL controls outgoing IP packets of the interface.
reflect: Indicates that the reflexive ACL is enabled.
Interface configuration mode
This command makes an IP ACL take effect on the incoming or outgoing packets of a specified interface.
Configuration Example
The following configuration example describes only ACL-related configurations.
Configuring an IP ACL to Prohibit Departments Except the Financial Department from Accessing the Financial
Data Server
Configure an IP ACL.
Add ACEs to the IP ACL.
Apply the IP ACL to the outgoing direction of the interface connecting the financial data server.
sw1(config)#ip access-list standard 1
sw1(config-std-nacl)#permit 10.1.1.0 0.0.0.255
sw1(config-std-nacl)#deny 11.1.1.1 0.0.0.255
sw1(config-std-nacl)#exit
sw1(config)#int gigabitEthernet 0/3
sw1(config-if-GigabitEthernet 0/3)#ip access-group 1 out
On a PC of the R&D department, ping the financial data server. Verify that the ping operation fails.
On a PC of the financial department, ping the financial data server. Verify that the ping operation
succeeds.
sw1(config)#show access-lists
To Next Page
Loading...
Need help?
General
