Configure an ACL on a layer-3 Switch

Last Update:2018-05-29 Source: Internet

Author: User

Tags md5 digest

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

3750 configuration: 3750 # conft3750 (config) # intf0153750 (config-if) # switchportmodetrunk3750 (config) # end3750 # vlandatabase3750 (vlan) # vtpserver3750 (vlan) # vtpdomainsy3750) # vtppasswordcisco3750 (vlan) # vlan103750 (vlan) # vlan2037

3750 configuration: 3750 # conf t 3750 (config) # int f0/15 3750 (config-if) # switchport mode trunk 3750 (config) # end 3750 # vlan database 3750 (vlan) # vtp server 3750 (vlan) # vtp domain sy 3750 (vlan) # vtp password cisco 3750 (vlan) # vlan 10 3750 (vlan) # vlan 20 37

3750Configuration:3750 # conf t
3750 (config) # int f0/15
3750 (config-if) # switchport mode trunk
3750 (config) # end
3750 # vlan database
3750 (vlan) # vtp server
3750 (vlan) # vtp domain sy
3750 (vlan) # vtp password cisco
3750 (vlan) # vlan 10
3750 (vlan) # vlan 20
3750 (vlan) # vlan 30
3750 (vlan) # vlan 40
3750 (vlan) # vlan 100
3750 (vlan) # exit
3750 (config) # ip routing
3750 (config) # int vlan 10
3750 (config-if) # ip address 192.168.10.1 255.255.255.0
3750 (config-if) # no shutdown
3750 (config-if) # exit
3750 (config) # int vlan 20
3750 (config-if) # ip address 192.168.20.1 255.255.255.0
3750 (config-if) # no shutdown
3750 (config-if) # exit
3750 (config) # int vlan 30
3750 (config-if) # ip address 192.168.30.1 255.255.255.0
3750 (config-if) # no shutdown
3750 (config-if) # exit
3750 (config) # int vlan 40
3750 (config-if) # ip address 192.168.40.1 255.255.255.0
3750 (config-if) # no shutdown
3750 (config-if) # exit
3750 (config) # int vlan 100
3750 (config-if) # ip address 192.168.100.1 255.255.0
3750 (config-if) # no shutdown
3750 (config-if) # exit
3750 (config) # end
3750 (config) # int f0/1
3750 (config-if) # switchport access vlan 100
3750 (config-if) # end
ConfigurationACL3750 # conf t
3750 (config) # access-list 100 deny ip 192.168.10.0 0.0.255 192.168.20.0 0.0.0.255
3750 (config) # access-list 100 deny ip 192.168.10.0 0.0.255 192.168.30.0 0.0.0.255
3750 (config) # access-list 100 permit ip any
3750 (config) # access-list 101 deny ip 192.168.20.0 0.0.255 192.168.10.0 0.0.255
3750 (config) # access-list 101 deny ip 192.168.20.0 0.0.255 192.168.30.0 0.0.0.255
3750 (config) # access-list 101 permit ip any
3750 (config) # access-list 102 deny ip 192.168.30.0 0.0.255 192.168.10.0 0.0.255
3750 (config) # access-list 102 deny ip 192.168.30.0 0.0.255 192.168.20.0 0.0.0.255
3750 (config) # access-list 102 permit ip any
3750 (config) # ip access-list extended infilter // place reflect in the Inbound direction //
3750 (config-ext-nacl) # permit ip any reflect ccna
3750 (config-ext-nacl) # exit
3750 (config) # ip access-list extended outfilter // place evaluate in the outbound direction //
3750 (config-ext-nacl) # evaluate ccna
3750 (config-ext-nacl) # deny ip 192.168.10.0 0.0.255 any
3750 (config-ext-nacl) # deny ip 192.168.20.0 0.0.255 any
3750 (config-ext-nacl) # deny ip 192.168.30.0 0.0.255 any
3750 (config-ext-nacl) # permit ip any
3750 (config-ext-nacl) # exit
3750 (config) # int vlan 40 // application to management interface //
3750 (config-if) # ip access-group infilter in
3750 (config-if) # ip access-group outfilter out
3750 (config-if) # exit
3750 (config) # int vlan 10
3750 (config-if) # ip access-group 100 in
3750 (config-if) # exit
3750 (config) # int vlan 20
3750 (config-if) # ip access-group 101 in
3750 (config-if) # exit
3750 (config) # int vlan 30
3750 (config-if) # ip access-group 102 in
3750 (config-if) # end2960Configuration:2960 # conf t
2960 (config) # int f0/15
2960 (config-if) # switchport mode trunk
2960 (config-if) # switchport trunk encapsulation dot1q
2960 (config-if) # end
2960 # vlan database
2960 (vlan) # vtp client
2960 (vlan) # vtp domain sy
2960 (vlan) # vtp password cisco
2960 (vlan) # exit 2960 # show vtp status
VTP Version: 2
Configuration Revision: 2
Maximum VLANs supported locally: 256
Number of existing VLANs: 10
VTP Operating Mode: Client
VTP Domain Name: sy
VTP Pruning Mode: Enabled
VTP V2 Mode: Disabled
VTP Traps Generation: Disabled
MD5 digest: 0x4D 0xA8 0xC9 0x00 0xDC 0x58 0x2F 0xDD
Configuration last modified by 0.0.0.0 at 3-1-02 00:13:34
2960 # show vlan-sw briefVLAN Name Status Ports
----------------------------------------------------------------------------
1 default active Fa0/0, Fa0/1, Fa0/2, Fa0/3
Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14
10 VLAN0010 active
20 VLAN0020 active
30 VLAN0030 active
40 VLAN0040 active
100 VLAN0100 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active2960 # conf t
2960 (config) # int f0/1
2960 (config-if) # switchport access vlan 10
2960 (config-if) # int f0/2
2960 (config-if) # switchport access vlan 20
2960 (config-if) # int f0/3
2960 (config-if) # switchport access vlan 30
2960 (config-if) # int f0/4
2960 (config-if) # switchport access vlan 40
2960 (config-if) # end
Client Verification:
PC1:PC1 # ping 192.168.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds:
U. U. U
Success rate is 0 percent (0/5)PC1 # ping 192.168.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds:
U. U. U
Success rate is 0 percent (0/5)PC1 # ping 192.168.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds:
U. U. U
Success rate is 0 percent (0/5)PC1 # ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/268/336 MS PC2:PC2 # ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
U. U. U
Success rate is 0 percent (0/5)PC2 # ping 192.168.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds:
U. U. U
Success rate is 0 percent (0/5)PC2 # ping 192.168.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds:
U. U. U
Success rate is 0 percent (0/5)PC2 # ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/170/336 MS PC3:PC3 # ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
. U. U.
Success rate is 0 percent (0/5)PC3 # ping 192.168.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds:
U. U. U
Success rate is 0 percent (0/5)PC3 # ping 192.168.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds:
U. U. U
Success rate is 0 percent (0/5)PC3 # ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/218/416 MS PC4:PC4 # ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 240/331/508 MSPC4 # ping 192.168.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 220/288/356 MSPC4 # ping 192.168.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/207/268 MSPC4 # ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/219/440 MS PC5:PC5 # ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/194/284 MSPC5 # ping 192.168.20.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/209/336 MSPC5 # ping 192.168.30.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/184/372 MSPC5 # ping 192.168.40.40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.40, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 192/239/308 MS

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More