How to Create and Apply ACLs to a Switch

Topology:

Before we apply the ACL to the switch, the client can access the WEB/FTP services and ping.

1) Set an ACL based on IP address.
Configuration:
*Create ACL "aclip" and set the rule. (Deny the client access to the specific IP.)
Console(config)# access-list ip extended aclip
Console(config-ext-acl)# deny ip host 192.168.20.10 host 192.168.20.150
Console(config-ext-acl)# exit
*Apply the ACL to a specific port on the switch.
Console(config)# interface ethernet 1/2
Console(config-if)# ip access-group aclip in

Results:
The client (192.168.20.10) cannot ping or access WEB and FTP on 192.168.20.150, but it can still ping other IP addresses.

2) Set an ACL based on IP and TCP.
Configuration:
*Create ACL "acltcp" and set the rule. (Deny the client TCP access to the specific IP.)
Console(config)# access-list ip extended acltcp
Console(config-ext-acl)# deny tcp host 192.168.20.10 host 192.168.20.150
Console(config-ext-acl)# exit
*Apply the ACL to a specific port on the switch.
Console(config)# int ethernet 1/2
Console(config-if)# ip access-group acltcp in

Results:
The client (192.168.20.10) cannot access WEB and FTP, but it can still ping and access TFTP on 192.168.20.150.

3) Set an ACL based on IP and UDP.
Configuration:
*Create ACL "acludp" and set the rule. (Deny the client UDP access to the specific IP.)
Console(config)# access-list ip extended acludp
Console(config-ext-acl)# deny udp host 192.168.20.10 host 192.168.20.150
Console(config-ext-acl)# exit
*Apply the ACL to a specific port on the switch.
Console(config)# int ethernet 1/2
Console(config-if)# ip access-group acludp in

Results:
The client (192.168.20.10) cannot access TFTP, but it can still ping and access WEB/FTP on 192.168.20.150.

4) Set an ACL based on IP and port number.
Configuration:
*Create ACL "aclport" and set the rule. (Deny the client access to the specific IP address and port number.)
Console(config)# access-list ip extended aclport
Console(config-ext-acl)# deny host 192.168.20.10 host 192.168.20.150 destination-port 21
Console(config-ext-acl)# exit
*Apply the ACL to a specific port on the switch.
Console(config)# int ethernet 1/2
Console(config-if)# ip access-group aclport in

Results:
The client (192.168.20.10) cannot access FTP, but it can still ping and access WEB/TFTP on 192.168.20.150.
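
The four rules above can be checked offline against the traffic named in the Results lines before an ACL is bound to a port. The following Python model is an added example, not SMC code or switch output. It assumes ports 80 and 69 for WEB and TFTP, uses the constructed address 192.168.20.99 for "other IP addresses", and treats a rule without a protocol keyword as matching any IP protocol.

```python
# Added example: offline model of the four ACL rules shown on this page.
from dataclasses import dataclass
from typing import Optional

CLIENT, SERVER = "192.168.20.10", "192.168.20.150"
OTHER = "192.168.20.99"  # constructed address standing in for "other IP addresses"

@dataclass(frozen=True)
class Packet:
    proto: str                   # "icmp", "tcp" or "udp"
    dst: str
    dport: Optional[int] = None
    src: str = CLIENT

def parse_rule(line: str) -> dict:
    """Parse '<action> [proto] host A host B [destination-port N]' as used on the page."""
    tok = line.split()
    i = 1 if tok[1] == "host" else 2   # the "aclport" rule carries no protocol keyword
    dport = int(tok[tok.index("destination-port") + 1]) if "destination-port" in tok else None
    return {"action": tok[0], "proto": tok[1] if i == 2 else "ip",
            "src": tok[i + 1], "dst": tok[i + 3], "dport": dport}

def evaluate(rule_lines: list, pkt: Packet) -> str:
    """First match wins; unmatched traffic is forwarded, as the page's Results show."""
    for r in map(parse_rule, rule_lines):
        if (r["proto"] in ("ip", pkt.proto) and r["src"] == pkt.src
                and r["dst"] == pkt.dst and r["dport"] in (None, pkt.dport)):
            return r["action"]
    return "permit"

ACLS = {  # rule lines copied from the configurations above
    "aclip": ["deny ip host 192.168.20.10 host 192.168.20.150"],
    "acltcp": ["deny tcp host 192.168.20.10 host 192.168.20.150"],
    "acludp": ["deny udp host 192.168.20.10 host 192.168.20.150"],
    "aclport": ["deny host 192.168.20.10 host 192.168.20.150 destination-port 21"],
}
FLOWS = {  # constructed test traffic; ports 80 and 69 are assumed service ports
    "ping": Packet("icmp", SERVER), "web": Packet("tcp", SERVER, 80),
    "ftp": Packet("tcp", SERVER, 21), "tftp": Packet("udp", SERVER, 69),
    "ping-other": Packet("icmp", OTHER),
}

def result_matrix() -> dict:
    return {acl: {name: evaluate(lines, pkt) for name, pkt in FLOWS.items()}
            for acl, lines in ACLS.items()}

if __name__ == "__main__":
    print(result_matrix())
```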
