Configuring Router ACLs
Including Comments About Entries in ACLs
You can use the remark keyword to include comments (remarks) about entries in any IP standard or
extended ACL. The remarks make the ACL easier for you to understand and scan. Each remark line is
limited to 100 characters.
The remark can go before or after a permit or deny statement. You should be consistent about where you
put the remark so that it is clear which remark describes which permit or deny statement. For example,
it would be confusing to have some remarks before the associated permit or deny statements and some
remarks after the associated statements.
For IP numbered standard or extended ACLs, use the access-list access-list-number remark remark global
configuration command to include a comment about an access list. To remove the remark, use the
no form of this command.
In this example, the workstation belonging to Jones is allowed access, and the workstation belonging to
Smith is not allowed access. (Every IP ACL ends with an implicit deny of all traffic that no entry matched,
so the explicit deny for Smith is not needed for enforcement; it records the intent next to the address.)
Switch(config)# access-list 1 remark Permit only Jones workstation through
Switch(config)# access-list 1 permit 171.69.2.88
Switch(config)# access-list 1 remark Do not allow Smith workstation through
Switch(config)# access-list 1 deny 171.69.3.13
For an entry in a named IP ACL, use the remark access-list configuration command. To remove the
remark, use the no form of this command.
In this example, the Jones subnet is not allowed to use outbound Telnet. Note that the entry as written
matches only the single host 171.69.2.88; covering a whole subnet requires a wildcard mask. Because a
named ACL also ends with an implicit deny, an ACL that contains only this deny entry blocks all traffic
where it is applied; add permit entries for the traffic that should still pass before applying it.
Switch(config)# ip access-list extended telnetting
Switch(config-ext-nacl)# remark Do not allow Jones subnet to telnet out
Switch(config-ext-nacl)# deny tcp host 171.69.2.88 any eq telnet
Applying the ACL to an Interface or Terminal Line
After you create an ACL, you can apply it to one or more interfaces or terminal lines. On an interface, an
ACL can filter in the inbound or the outbound direction. This section describes how to accomplish this
task for both terminal lines and network interfaces. Note these guidelines:
• When controlling access to a line, you must use a number. Only numbered ACLs can be applied to
lines.
• When controlling access to an interface, you can use a name or a number.
• Set identical restrictions on all the virtual terminal lines because a user can attempt to connect to
any of them; a single vty line without the restriction is enough to bypass it.
• If you apply an ACL to a Layer 3 interface and the enhanced multilayer software image is not
installed on your switch, the ACL only filters packets that are destined to the switch CPU, such as SNMP,
Telnet, or Web traffic. Traffic that transits the switch is not filtered by that ACL, so on the standard image
do not rely on a Layer 3 interface ACL to protect anything other than the switch itself.
Catalyst 3550 Multilayer Switch Software Configuration Guide
19-18
Chapter 19
Configuring Network Security with ACLs
78-11194-03
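As an added example (not code from the Catalyst 3550 guide), the following Python script checks an IOS-style configuration text against the remark guidelines above (the 100-character limit and consistent placement before or after the permit/deny statements) and the line guidelines in the list above (numbered ACLs only on lines, identical restrictions on every vty line). It assumes plain IOS configuration text with sub-commands indented by one space, and it recognises the standard IOS access-class line command, which this excerpt does not itself show. The sample configuration is constructed from the entries on this page plus deliberate mistakes.

```python
"""Lint IOS-style ACL configuration text against the guidelines in this section.

Added example, not code from the Catalyst 3550 guide. It assumes plain IOS
config text with one leading space on sub-commands, and it recognises the
standard IOS `access-class` line command, which this excerpt does not show.

Checks: remark length (100 chars), consistent remark placement within an ACL,
numbered-only ACLs on lines, and an identical access-class on every vty block.
"""
from __future__ import annotations

import re

REMARK_MAX = 100

NUMBERED = re.compile(r"^access-list (\d+) (remark|permit|deny)\b\s*(.*)$")
NAMED_HDR = re.compile(r"^ip access-list (?:standard|extended) (\S+)$")
NAMED_ENTRY = re.compile(r"^(?:\d+ )?(remark|permit|deny)\b\s*(.*)$")
LINE_HDR = re.compile(r"^line (\S+)(?: (\d+)(?: (\d+))?)?$")
ACCESS_CLASS = re.compile(r"^access-class (\S+) (in|out)$")


def lint_acl_config(config: str) -> list[str]:
    """Return human-readable findings; an empty list means the config passes."""
    findings: list[str] = []
    items: dict[str, list[str]] = {}         # acl -> ordered 'remark'/'entry' kinds
    vty_classes: dict[str, str | None] = {}  # 'vty A B' -> 'acl direction' or None
    named_acl = None                         # current 'ip access-list' context
    line_block = None                        # current 'line ...' context

    def record(acl: str, kind: str, text: str, no: int) -> None:
        items.setdefault(acl, []).append(kind)
        if kind == "remark" and len(text) > REMARK_MAX:
            findings.append(f"line {no}: remark in ACL {acl} is {len(text)} chars (max {REMARK_MAX})")

    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):          # top-level command: leave any sub-mode
            named_acl = line_block = None
            if m := NUMBERED.match(line):
                record(m.group(1), "remark" if m.group(2) == "remark" else "entry", m.group(3), no)
            elif m := NAMED_HDR.match(line):
                named_acl = m.group(1)
            elif m := LINE_HDR.match(line):
                line_block = " ".join(g for g in m.groups() if g)
                if m.group(1) == "vty":
                    vty_classes.setdefault(line_block, None)
            continue
        if named_acl and (m := NAMED_ENTRY.match(line)):
            record(named_acl, "remark" if m.group(1) == "remark" else "entry", m.group(2), no)
        elif line_block and (m := ACCESS_CLASS.match(line)):
            acl, direction = m.group(1), m.group(2)
            if not acl.isdigit():
                findings.append(f"line {no}: '{line_block}' applies named ACL {acl}; only numbered ACLs work on lines")
            if line_block in vty_classes:
                vty_classes[line_block] = f"{acl} {direction}"

    # Placement is consistent when every remark has an entry after it (all remarks
    # before their statements) or every remark has an entry before it (all after).
    for acl, seq in items.items():
        if "remark" in seq and not (seq[-1] == "entry" or seq[0] == "entry"):
            findings.append(f"ACL {acl}: remarks are mixed before and after entries")

    # Every vty block must carry the same restriction (None means no access-class).
    if len(set(vty_classes.values())) > 1:
        detail = ", ".join(f"{k} -> {v or 'none'}" for k, v in sorted(vty_classes.items()))
        findings.append("vty lines do not share one access-class: " + detail)
    return findings


# Constructed sample: the entries from this page plus deliberate mistakes.
SAMPLE_CONFIG = """\
! constructed sample, not taken from a real switch
access-list 1 remark Permit only Jones workstation through
access-list 1 permit 171.69.2.88
access-list 1 remark Do not allow Smith workstation through
access-list 1 deny 171.69.3.13
!
ip access-list extended telnetting
 remark Do not allow Jones subnet to telnet out
 deny tcp host 171.69.2.88 any eq telnet
 permit ip any any
 remark trailing note: placement now differs from the first remark
!
line vty 0 4
 access-class 1 in
line vty 5 15
 access-class telnetting in
"""

if __name__ == "__main__":
    for finding in lint_acl_config(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, the script reports three problems: the named ACL applied to vty 5 through 15, the mixed remark placement in the telnetting ACL, and the two vty ranges carrying different restrictions. The numbered ACL 1 passes because both of its remarks sit before their statements.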