IBM 12.1(22)EA6 User Manual
22-19
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 22 Configuring Network Security with ACLs
Applying ACLs to Terminal Lines or Physical Interfaces
After you create an ACL, you can apply it to one or more management interfaces or terminal lines. ACLs
can be applied on inbound interfaces. This section describes how to accomplish this task for both
terminal lines and network interfaces. Note these guidelines:
can be applied on inbound interfaces. This section describes how to accomplish this task for both
terminal lines and network interfaces. Note these guidelines:
•
When controlling access to a line, you must use numbered IP ACLs or MAC extended ACLs.
•
When controlling access to an interface, you can use named or numbered ACLs.
•
Set identical restrictions on all the virtual terminal lines because a user can attempt to connect to
any of them.
any of them.
•
If you apply ACLs to a management interface, the ACL only filters packets that are intended for the
CPU, such as SNMP, Telnet, or web traffic.
CPU, such as SNMP, Telnet, or web traffic.
Applying ACLs to a Terminal Line
Beginning in privileged EXEC mode, follow these steps to restrict incoming connections between a
virtual terminal line and the addresses in an ACL:
virtual terminal line and the addresses in an ACL:
Applying ACLs to a Physical Interface
Beginning in privileged EXEC mode, follow these steps to control access to a Layer 2 interface:
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
line [console | vty] line-number
Identify a specific line for configuration, and enter in-line configuration
mode.
mode.
Enter console for the console terminal line. The service port is DCE.
Enter vty for a virtual terminal for remote console access.
The line-number is the first line number in a contiguous group that you want
to configure when the line type is specified. The range is from 0 to 16.
to configure when the line type is specified. The range is from 0 to 16.
Step 3
access-class access-list-number {in}
Restrict incoming and outgoing connections between a particular virtual
terminal line (into a device) and the addresses in an access list.
terminal line (into a device) and the addresses in an access list.
Step 4
end
Return to privileged EXEC mode.
Step 5
show running-config
Display the access list configuration.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface interface-id
Identify a specific interface for configuration and enter interface
configuration mode.
configuration mode.
The interface must be a Layer 2 or management interface or a management
interface VLAN ID.
interface VLAN ID.
Step 3
ip access-group {access-list-number |
name} {in}
name} {in}
Control access to the specified interface.
Step 4
end
Return to privileged EXEC mode.