Справочник Пользователя для IBM 12.1(22)EA6
22-22
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 22 Configuring Network Security with ACLs
Examples for Compiling ACLs
interface GigabitEthernet0/17
ip access-group 11 in
snmp trap link-status
no cdp enable
end!
Examples for Compiling ACLs
For detailed information about compiling ACLs, see the Security Configuration Guide and the “IP
Services” chapter of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1.
Services” chapter of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1.
shows a small networked office with a number of switches that are connected to a Cisco
router. A host is connected to the network through the Internet using a WAN link.
Use switch ACLs to do these:
•
Create a standard ACL, and filter traffic from a specific Internet host with an address 172.20.128.64.
•
Create an extended ACL, and filter traffic to deny HTTP access to all Internet hosts but allow all
other types of access.
other types of access.
Figure 22-2
Using Switch ACLs to Control Traffic
This example uses a standard ACL to allow access to a specific Internet host with the address
172.20.128.64.
172.20.128.64.
Switch(config)# access-list 6 permit 172.20.128.64 0.0.0.0
Switch(config)# end
Switch(config)# interface gigabitethernet0/17
Switch(config-if)# ip access-group 6 in
This example uses an extended ACL to deny traffic from port 80 (HTTP). It permits all other types of
traffic.
traffic.
Switch(config)# access-list 106 deny tcp any any eq 80
Switch(config)# access-list 106 permit ip any any
Switch(config)# interface gigabitethernet0/20
Switch(config-if)# ip access-group 106 in
BladeCenter
BladeCenter
BladeCenter
Cisco router
Workstation
92426
Internet