26-16
Catalyst 2970 Switch Software Configuration Guide
78-15462-03
Chapter 26 Configuring Network Security with ACLs
Configuring IP ACLs
Applying an IP ACL to a Terminal Line
You can use numbered ACLs to control access to one or more terminal lines. You cannot apply named
ACLs to lines. You must set identical restrictions on all the virtual terminal lines because a user can
attempt to connect to any of them.
For procedures for applying ACLs to interfaces, see the “Applying an IP ACL to an Interface” section
on page 26-16. For applying ACLs to VLANs, see the “Configuring VLAN Maps” section on
page 26-22.
Beginning in privileged EXEC mode, follow these steps to restrict incoming and outgoing connections
between a virtual terminal line and the addresses in an ACL:

        Command                             Purpose
Step 1  configure terminal                  Enter global configuration mode.
Step 2  line [console | vty] line-number    Identify a specific line to configure, and enter in-line
                                            configuration mode.
                                            console—Specify the console terminal line. The console
                                            port is DCE.
                                            vty—Specify a virtual terminal for remote console access.
                                            The line-number is the first line number in a contiguous
                                            group that you want to configure when the line type is
                                            specified. The range is from 0 to 16.
Step 3  access-class access-list-number     Restrict incoming and outgoing connections between a
        {in | out}                          particular virtual terminal line (into a device) and the
                                            addresses in an access list.
Step 4  end                                 Return to privileged EXEC mode.
Step 5  show running-config                 Display the access list configuration.
Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.

To remove an ACL from a terminal line, use the no access-class access-list-number {in | out} line
configuration command.

Applying an IP ACL to an Interface
This section describes how to apply IP ACLs to network interfaces. You can apply ACLs only to inbound
Layer 2 interfaces. Note these guidelines:
- When controlling access to an interface, you can use a named or numbered ACL.
- If you apply an ACL to a Layer 2 interface that is a member of a VLAN, the Layer 2 (port) ACL
  takes precedence over a VLAN map applied to the VLAN. Incoming packets received on the Layer 2
  port are always filtered by the port ACL.

Beginning in privileged EXEC mode, follow these steps to control access to an interface:

        Command                 Purpose
Step 1  configure terminal      Enter global configuration mode.
Step 2  interface interface-id  Identify a specific interface for configuration, and enter interface
                                configuration mode.
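
An added example, not taken from the Cisco guide: a Python check for the requirement stated under "Applying an IP ACL to a Terminal Line" that all virtual terminal lines carry identical restrictions. The running-config text is a constructed sample, and the function names are assumptions of this example.

```python
import re

# Constructed sample running-config (not from the guide). ACL 10 is applied to
# vty 0-4 only, so vty 5-15 have no address restriction at all.
SAMPLE_CONFIG = """\
access-list 10 permit 192.168.1.0 0.0.0.255
!
line con 0
line vty 0 4
 access-class 10 in
 login
line vty 5 15
 login
!
end
"""

def vty_access_classes(config):
    """Map each vty line number to its inbound and outbound ACL numbers."""
    lines, current = {}, []
    for raw in config.splitlines():
        block = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        rule = re.match(r"\s+access-class (\d+) (in|out)\s*$", raw)
        if block:
            first = int(block.group(1))
            last = int(block.group(2) or first)
            current = list(range(first, last + 1))
            for n in current:
                lines.setdefault(n, {"in": None, "out": None})
        elif not raw.startswith(" "):
            current = []  # any other top-level command ends the vty block
        elif rule:
            for n in current:
                lines[n][rule.group(2)] = rule.group(1)
    return lines

def audit_vty(config):
    """Report vty lines with no inbound ACL, or with settings that differ."""
    lines = vty_access_classes(config)
    findings = [f"vty {n}: no inbound access-class"
                for n, acl in sorted(lines.items()) if acl["in"] is None]
    if len({(a["in"], a["out"]) for a in lines.values()}) > 1:
        findings.append("vty lines do not share identical access-class settings")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_vty(SAMPLE_CONFIG)))
```

Run against the output of show running-config, an empty result means every vty line has the same access-class settings, including an inbound ACL.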