Cisco Systems DOC-7814982 Applying ACLs to Terminal Line s or Physical Interfac es

25-20

Catalyst 2950 Desktop Switch Software Configuration Guide

78-14982-01

Chapter 25 Con figuring Ne two rk Sec urity with ACLs

Applying ACLs to Term inal Lines or Phy si cal Int erfaces

Applying ACLs to Terminal Line s or Physical Interfac es

Note Be fore appl ying a n ACL to a phy sica l i nte rface , see the “Gu idelines for Applying ACLs to Physical

Interfaces” section on page 25-6.

You can ap ply ACLs to a ny managem ent interfac e. For informa tion on c reating ACLs on ma nageme nt

interfaces, refer to the “Configuring IP Services” secti on of the Cisco IO S IP and IP Routi ng

Configuration Guide and the Command Reference for IOS Release 12.1.

Note Th e limit ations that apply to ACLs on physical interfaces do not appl y to ACLs on manage men t

interfaces.

After you create an ACL, you can apply it to one or more management interfaces or terminal lines. ACLs

can be app lied on inbound i nterfaces . This sect ion descri bes how to accomplish this task for both

terminal lines and network interfaces. Note these guidelines:

•When cont rolling access to a line, you must use num bered IP ACLs or MAC extended ACLs.

•When controlling access to an interface, you can use named or numbered ACLs.

•Set identical restrictions on all the virtual terminal lines because a user can attempt to connect to

any of them .

•If you apply ACLs to a management interface, the ACL only filters packets that are intended for the

CPU, s uch as S NMP, Telnet , or web tr affic.

•If you app ly ACLs to a mana gement VLAN, see the “Ma nage me nt VL A N” section on pa ge 6- 18.

Beginning i n privileged E XEC mo de, foll ow these s teps to r e strict in co ming c onnec ti ons bet ween a

virtual terminal line and the addresses in an ACL:

Command Purpose

Step 1 configure terminal Enter gl obal configura tion mode.

Step 2 line [console | vty] line-numbe r Identify a specific line for configuration, and enter in-line configuration

mode.

Enter console for the console terminal line. The console port is DCE.

Enter vty for a vir tual term inal for remote console access.

The line-number is the first line number in a contiguous group that you want

to configu re when th e line type is specified. T he range i s from 0 to 16.

Step 3 access-class access-list-number {in} Restr ict i nco mi ng and outgo i ng co nne ctio ns b etw een a pa r ticul ar v irt ual

terminal line (into a device) and the addresses in an access list.

Step 4 end Return to privileged EXEC mode.

Step 5 show running-config Display the access list configuration.

Step 6 copy running-config startup-config (Opti onal) Save your entries i n the configurat ion file.