Configuring ACL Bindings with CLI Commands

The following table summarizes the equivalent CLI commands for configuring ACL Bindings.

Table 7-7. ACL Bindings CLI Commands

CLI Command

Description

 

 

service-acl input acl-name

To control access to an interface, use the service-acl command in interface

no service-acl input

configuration mode. To remove the access control, use the no form of this command.

 

 

 

show access-lists [name]

Use the show access-lists privileged EXEC command to display access control lists

 

(ACLs) configured on the switch.

 

 

The following is an example of some of the CLI commands:

Switch# show access-lists

IP access list ACL1

permit 234 172.30.40.1 0.0.0.0 any permit 234 172.30.8.8 0.0.0.0 any

Configuring DHCP Snooping

DHCP Snooping expands network security by providing firewall security between untrusted interfaces and DHCP servers. By enabling DHCP Snooping network administrators can differentiate between trusted interfaces connected to end-users or DHCP Servers and untrusted interfaces located beyond the network firewall.

DHCP Snooping filters untrusted messages. DHCP Snooping creates and maintains a DHCP Snooping Table which contains information received from untrusted packets. Interfaces are untrusted if the packet is received from an interface outside the network or from an interface beyond the network firewall.

Trusted interfaces receive packets only from within the network or the network firewall.

The DHCP Snooping Table contains the untrusted interfaces’ MAC address, IP address, Lease Time, VLAN ID, and interface information.

The DHCP section contains the following topics:

Defining DHCP Snooping Properties

Defining DHCP Snooping on VLANs

Defining Trusted Interfaces

Adding Interfaces to the DHCP Snooping Database

288

Configuring Switch Information

Page 288
Image 288
Dell 3548 manual Configuring Dhcp Snooping