Switch Configuration ACL Access Control

Record a switch configuration ACL records, the demand is to configure a Vlan to restrict access to other Vlan, as well as restricted Vlan can only access its > other VLAN specified IP after all, this is usually very little to configure a configuration of all kinds of look for documentation, is very inconvenient, after all, just a few The commands are just a few! Not much to say, directly into the main topic.

Create ACLs and add rules

1
Switch>enable
2
Switch#
3
Switch#configure terminal
4
Switch(config)#ip access-list extended deny55    # Create ACL extension deny55 group
5
Switch(config-ext-nacl)#1 permit ip 10.30.55.0 0.0.0.255 host 10.30.51.35      # Allow 10.30.51.35 to access 10.30.55.0 network segment
6
Switch(config-ext-nacl)#10 deny ip 10.30.55.0 0.0.0.255 10.30.51.0 0.0.0.255   # Deny access to 10.30.51.0 on the 10.30.55.0 network segment
7
Switch(config-ext-nacl)#20 deny ip 10.30.55.0 0.0.0.255 10.30.52.0 0.0.0.255   # Deny access to 10.30.52.0 on the 10.30.55.0 network segment
8
Switch(config-ext-nacl)#100 permit ip any any               # Other IPs are allowed access by default
9
Switch(config-ext-nacl)#show this                 # To view the current ACL deny55 group rule, configure the attention sequence number
10
Building configuration...
11
!
12
 1 permit ip 10.30.55.0 0.0.0.255 host 10.30.51.19
13
 10 deny ip 10.30.55.0 0.0.0.255 10.30.51.0 0.0.0.255
14
 20 deny ip 10.30.55.0 0.0.0.255 10.30.52.0 0.0.0.255
15
 100 permit ip any any
16
！
17
end
18
Switch(config-ext-nacl)#exit

The created ACL is referenced to the specified Vlan (it can also be applied to the device interface).

1
Switch>enable
2
Switch#
3
Switch#configure terminal
4
Switch(config)#interface vlaN 15                 # Enter VLAN 15 configuration
5
Switch(config-if-VLAN 15)#ip access-group deny55 in       # Apply deny55 to vlan 15.
6
Switch(config-if-VLAN 15)#show this
7
Building configuration...
8
!
9
 ip access-group deny55 in
10
 ip address 10.30.55.254 255.255.255.0
11
!
12
end
13
Switch(config-if-VLAN 15)#end

See if the ACL rule is correct and save

1
Switch#show access-lists
2
ip access-list extended deny55                   # view the rules that have been added to an ACL
3
 1 permit ip 10.30.55.0 0.0.0.255 host 10.30.51.35
4
 10 deny ip 10.30.55.0 0.0.0.255 10.30.51.0 0.0.0.255
5
 20 deny ip 10.30.55.0 0.0.0.255 10.30.52.0 0.0.0.255
6
 30 deny ip 10.30.55.0 0.0.0.255 10.30.53.0 0.0.0.255
7
 40 deny ip 10.30.55.0 0.0.0.255 10.30.54.0 0.0.0.255
8
 50 deny ip 10.30.55.0 0.0.0.255 10.30.56.0 0.0.0.255
9
 60 deny ip 10.30.55.0 0.0.0.255 10.30.58.0 0.0.0.255
10
 70 permit ip any any
11
 (2 packets filtered)
12
Switch#write                               # Saving the Current Configuration

end here

Switch Configuration ACL Access Control

https://huoshen.pages.dev/p/c014c0bb/

Author

Koevn

Published at

April 21, 2021

License

CC BY-NC-SA 4.0