19-19
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 19 Configuring Network Security with ACLs
Configuring Router ACLs
Beginning in privileged EXEC mode, follow these steps to restrict incoming and outgoing connections
between a virtual terminal line and the addresses in an ACL:

        Command                                     Purpose
Step 1  configure terminal                          Enter global configuration mode.
Step 2  line [console | vty] line-number            Identify a specific line for configuration, and enter
                                                    in-line configuration mode.
                                                    Enter console to specify the console terminal line.
                                                    The console port is DCE.
                                                    Enter vty to specify a virtual terminal for remote
                                                    console access.
                                                    The line-number is the first line number in a
                                                    contiguous group that you want to configure when the
                                                    line type is specified. The range is from 0 to 16.
Step 3  access-class access-list-number {in | out}  Restrict incoming and outgoing connections between a
                                                    particular virtual terminal line (into a device) and
                                                    the addresses in an access list.
Step 4  end                                         Return to privileged EXEC mode.
Step 5  show running-config                         Display the access list configuration.
Step 6  copy running-config startup-config          (Optional) Save your entries in the configuration file.

To remove access restrictions on a terminal line, use the no access-class access-list-number {in | out}
line configuration command.

Beginning in privileged EXEC mode, follow these steps to control access to a Layer 3 interface:

        Command                                     Purpose
Step 1  configure terminal                          Enter global configuration mode.
Step 2  interface interface-id                      Identify a specific interface for configuration, and
                                                    enter interface configuration mode.
                                                    The interface must be a Layer 3 interface, either a
                                                    routed port or an SVI VLAN ID.
Step 3  ip access-group {access-list-number |       Control access to the specified interface.
        name} {in | out}
Step 4  end                                         Return to privileged EXEC mode.
Step 5  show running-config                         Display the access list configuration.
Step 6  copy running-config startup-config          (Optional) Save your entries in the configuration file.

To remove the specified access group, use the no ip access-group {access-list-number | name} {in | out}
interface configuration command.

This example shows how to apply access list 2 on Gigabit Ethernet interface 0/3 to filter packets entering
the interface:

Switch(config)# interface gigabitethernet0/3
Switch(config-if)# ip access-group 2 in
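
Both procedures end with show running-config to display the access list configuration. The following Python script is an added example, not part of the Cisco guide: it reads that output and reports vty line groups with no inbound access-class, and access-class or ip access-group commands that name an ACL the configuration never defines. The sample configuration, its addresses, the ACL name MGMT-IN and the Vlan20 interface are constructed for illustration.

```python
import re

# Constructed sample of `show running-config` output; the addresses, the ACL
# name MGMT-IN and the Vlan20 interface are made up for this example.
SAMPLE_CONFIG = """\
access-list 2 permit 10.1.1.0 0.0.0.255
!
interface GigabitEthernet0/3
 ip access-group 2 in
!
interface Vlan20
 ip access-group MGMT-IN in
!
line vty 0 4
 access-class 2 in
line vty 5 15
 login
"""

ACL_DEF = re.compile(r"(?:ip )?access-list (?:(?:standard|extended) )?(\S+)")
ACL_REF = re.compile(r"(?:access-class|ip access-group) (\S+) (in|out)\b")

def audit(config):
    """Return findings for ACL references made under interfaces and lines."""
    defined, blocks, current = set(), [], None
    for line in config.splitlines():
        m = ACL_DEF.match(line)
        if m:
            defined.add(m.group(1))           # numbered or named ACL definition
        if line.startswith(("interface ", "line ")):
            current = (line.strip(), [])      # start a new configuration block
            blocks.append(current)
        elif line.startswith(" ") and current:
            current[1].append(line.strip())   # sub-command of the current block
        else:
            current = None                    # "!" or another global command
    findings = []
    for header, body in blocks:
        refs = [m.groups() for m in map(ACL_REF.match, body) if m]
        for acl, direction in refs:
            if acl not in defined:
                findings.append(f"{header}: ACL {acl} ({direction}) is not defined")
        if header.startswith("line vty") and not any(d == "in" for _, d in refs):
            findings.append(f"{header}: no inbound access-class")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Because the line command configures a contiguous group starting at line-number, a second vty group such as the constructed line vty 5 15 needs its own access-class; the script reports each group separately.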