29-23
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-10
Chapter 29 Configuring Network Security with ACLs: Examples for Compiling ACLs
This example shows how to view all access groups configured for an interface:
Switch# show ip interface fastethernet0/9
FastEthernet0/9 is down, line protocol is down
Inbound access list is ip1
The only way to ensure that you can view all configured access groups under all circumstances is to use
the show running-config privileged EXEC command. To display the ACL configuration of a single
interface, use the show running-config interface interface-id command.
This example shows how to display the ACL configuration of Gigabit Ethernet interface 0/1:
Switch# show running-config interface gigabitethernet0/1
Building configuration...
Current configuration : 112 bytes
!
interface GigabitEthernet0/1
 ip access-group 11 in
 snmp trap link-status
 no cdp enable
end
!
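Because show running-config is the authoritative view of access groups, a saved copy of its output can be audited offline. The following is an added example, not part of the Cisco guide: the function names and the sample configuration are constructed for illustration, reusing the interface and ACL names shown above.

```python
import re

# Constructed sample of `show running-config` output (not from the guide).
SAMPLE_CONFIG = """\
interface FastEthernet0/9
 ip access-group ip1 in
!
interface GigabitEthernet0/1
 ip access-group 11 in
 no cdp enable
!
interface GigabitEthernet0/2
 no cdp enable
!
access-list 11 permit 172.20.128.64
end
"""

def access_groups(config):
    """Map each interface to its list of (acl, direction) bindings."""
    bindings, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            bindings[current] = []
            continue
        if not line.startswith(" "):
            current = None  # left the interface stanza
            continue
        m = re.match(r"\s+ip access-group\s+(\S+)\s+(in|out)\b", line)
        if m and current:
            bindings[current].append((m.group(1), m.group(2)))
    return bindings

def defined_acls(config):
    """Collect numbered and named ACLs defined in the configuration."""
    acls = set(re.findall(r"^access-list\s+(\S+)", config, re.M))
    acls |= set(re.findall(r"^ip access-list\s+(?:standard|extended)\s+(\S+)", config, re.M))
    return acls

def audit(config):
    """Return (interfaces with no ACL, bindings naming an ACL the config never defines)."""
    groups, known = access_groups(config), defined_acls(config)
    unfiltered = sorted(i for i, b in groups.items() if not b)
    dangling = sorted((i, a) for i, b in groups.items() for a, _ in b if a not in known)
    return unfiltered, dangling

print(audit(SAMPLE_CONFIG))
```

In the constructed sample, GigabitEthernet0/2 is reported as having no access group, and FastEthernet0/9 as bound to ip1, which the sample never defines.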
Examples for Compiling ACLs
For detailed information about compiling ACLs, refer to the Security Configuration Guide and the IP
Services chapter of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1.
Figure 29-2 shows a small networked office with a number of switches that are connected to a Cisco
router. A host is connected to the network through the Internet using a WAN link.
Use switch ACLs to do these:
• Create a standard ACL, and filter traffic from a specific Internet host with an address 172.20.128.64.
• Create an extended ACL, and filter traffic to deny HTTP access to all Internet hosts but allow all other types of access.