24-24
Catalyst 2950 Desktop Switch Software Configuration Guide
78-11380-05
Chapter 24 Configuring Network Security with ACLs
Examples for Compiling ACLs
Use switch ACLs to do these:
• Create a standard ACL, and filter traffic from a specific Internet host with an address 172.20.128.64.
• Create an extended ACL, and filter traffic to deny HTTP access to all Internet hosts but allow all
other types of access.
Figure 24-2 Using Switch ACLs to Control Traffic
This example uses a standard ACL to allow access to a specific Internet host with the address
172.20.128.64.
Switch(config)# access-list 6 permit 172.20.128.64 0.0.0.0
Switch(config)# end
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip access-group 6 in
This example uses an extended ACL to deny traffic from port 80 (HTTP). It permits all other types of
traffic.
Switch(config)# access-list 106 deny tcp any any eq 80
Switch(config)# access-list 106 permit ip any any
Switch(config)# interface gigabitethernet0/2
Switch(config-if)# ip access-group 106 in
Cisco router
Catalyst 2950
Catalyst 2950
Catalyst 2950
Workstation
End
workstations
65289
Internet
