Configuration Guide Configuring ACL
• Configure an expert extended ACL "exp_ext_esc".
• Add an ACE to allow forwarding packets to the destination host 10.1.1.2.
• Add an ACE to permit DHCP packets.
• Add an ACE to permit ARP packets.
• On the interface where DOT1X authentication is enabled, configure the ACL "exp_ext_esc" as the security channel.
sw1(config)#expert access-list extended exp_ext_esc
sw1(config-exp-nacl)# permit ip any any host 10.1.1.2 any
sw1(config-exp-nacl)# permit 0x0806 any any any any any
sw1(config-exp-nacl)# permit udp any any any any eq 67
sw1(config-exp-nacl)# permit udp any any any any eq 68
sw1(config-exp-nacl)# exit
sw1(config)#int gigabitEthernet 0/1
sw1(config-if-GigabitEthernet 0/1)# security access-group exp_ext_esc
• On a PC of the sales department, ping the server of the sales department. Verify that the ping operation succeeds.
• On the PCs of R&D department 1 and R&D department 2, ping the server of the sales department. Verify that the ping operations fail.
sw1#show access-lists
expert access-list extended exp_ext_esc
10 permit ip any any host 10.1.1.2 any
20 permit arp any any any any any
30 permit udp any any any any eq 67
40 permit udp any any any any eq 68……
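An added check, not part of the guide or the vendor's tooling: a security channel forwards traffic before DOT1X authentication completes, so this script audits `show access-lists` output for the ACEs the procedure calls for and for ACEs that defeat it. It assumes the ACE layout shown above and that a trailing `eq` matches the destination port; `SAMPLE` is constructed, and `parse_aces` and `audit` are hypothetical names.

```python
import re

# Constructed sample in the layout printed by "show access-lists" (not device output).
SAMPLE = """\
expert access-list extended exp_ext_esc
 10 permit ip any any host 10.1.1.2 any
 20 permit arp any any any any any
 30 permit tcp any any any any eq 67
 40 permit udp any any any any eq 68
 50 permit ip any any any any
"""

ACE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(\S+)\s+(.*)$")

def parse_aces(text):
    """Return (seq, action, protocol, remaining tokens) for every ACE line."""
    aces = []
    for line in text.splitlines():
        m = ACE.match(line)
        if m:
            aces.append((int(m.group(1)), m.group(2), m.group(3).lower(), m.group(4).split()))
    return aces

def audit(text):
    """Return findings for an ACL that is used as a DOT1X security channel."""
    findings, seen = [], set()
    for seq, action, proto, rest in parse_aces(text):
        if action != "permit":
            continue
        # Assumption: a trailing "eq N" is the destination port of the ACE.
        has_port = len(rest) >= 2 and rest[-2] == "eq" and rest[-1].isdigit()
        port = int(rest[-1]) if has_port else None
        if proto in ("arp", "0x0806"):            # ARP, by keyword or EtherType
            seen.add("arp")
        elif proto == "udp" and port in (67, 68):  # DHCP server / client ports
            seen.add(f"dhcp/{port}")
        elif proto == "tcp" and port in (67, 68):
            findings.append(f"ACE {seq}: DHCP uses UDP, tcp eq {port} does not match it")
        elif proto == "ip" and all(tok == "any" for tok in rest):
            findings.append(f"ACE {seq}: permits all IP traffic before authentication")
    for need in ("arp", "dhcp/67", "dhcp/68"):
        if need not in seen:
            findings.append(f"missing permit for {need}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```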
sw1#show running-config interface gigabitEthernet 0/1