Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 19 Configuring Network Security with ACLs
Configuring Router ACLs
This example shows how to use the show running-config interface privileged EXEC command to
display the ACL configuration of Gigabit Ethernet interface 0/2:
Switch# show running-config interface gigabitethernet0/2
Building configuration...
Building configuration...
Current configuration : 85 bytes
!
interface GigabitEthernet0/2
ip address 10.20.30.1 255.255.0.0
ip access-group 13 in
ip access-group permit Any out
no switchport
!
<output truncated>
!
access-list 13 permit any log
access-list 101 permit icmp any any conversion-error
access-list 101 permit 234 host 172.30.40.1 host 123.23.23.2
access-list 103 permit icmp any any 123 23 tos max-throughput
access-list 103 permit igmp any any 12
<information truncated>
!
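The check below is an added example, not part of the Cisco guide: it parses running-config text in the format shown above, lists each interface's ACL bindings, and flags bindings to ACLs that are not defined, defined ACLs that are never applied, and interfaces with no ACL at all. On IOS an access group that names an undefined ACL permits all packets, so such a binding filters nothing. The sample configuration, including ACL 120, the payroll ACL name and the second interface, is constructed for the example.

```python
import re

# Constructed sample in the same format as the output above (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2
 ip address 10.20.30.1 255.255.0.0
 ip access-group 13 in
 ip access-group 120 out
 no switchport
!
interface GigabitEthernet0/3
 ip address 10.30.0.1 255.255.0.0
 no switchport
!
access-list 13 permit any log
access-list 101 permit icmp any any
ip access-list extended payroll
 permit ip any any
!
"""

def audit_acl_bindings(config):
    """Return bindings, undefined bindings, unused ACLs and unfiltered interfaces."""
    defined, bindings, interfaces, iface = set(), [], [], None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate lost indentation in pasted output
        if m := re.match(r"interface\s+(\S+)$", line):
            iface = m.group(1)
            interfaces.append(iface)
        elif m := re.match(r"ip access-group\s+(.+?)\s+(in|out)$", line):
            bindings.append((iface, m.group(1), m.group(2)))
        elif m := re.match(r"access-list\s+(\d+)\s", line):
            defined.add(m.group(1))  # numbered ACL entry
        elif m := re.match(r"ip access-list\s+(?:standard|extended)\s+(\S+)$", line):
            defined.add(m.group(1))  # named ACL header
    applied = {name for _, name, _ in bindings}
    bound_ifaces = {i for i, _, _ in bindings}
    return {
        "bindings": bindings,
        "undefined": [b for b in bindings if b[1] not in defined],
        "unused": sorted(defined - applied),
        "unfiltered": [i for i in interfaces if i not in bound_ifaces],
    }

if __name__ == "__main__":
    for key, value in audit_acl_bindings(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Run it against the full configuration rather than truncated output, since an ACL defined in a truncated part would otherwise be reported as undefined.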
ACL Configuration Examples
This section provides examples of configuring ACLs. For detailed information about compiling ACLs,
refer to the Security Configuration Guide and the “IP Services” chapter of the Cisco IOS IP and IP
Routing Configuration Guide for IOS Release 12.1.
Figure 19-3 shows a small networked office environment with the routed port 0/2 connected to Server
A, containing benefits and other information that all employees can access, and routed port 0/3
connected to Server B, containing confidential payroll data. All users can access Server A, but Server B
has restricted access.
Use router ACLs to do this in one of two ways:
• Create a standard ACL, and filter traffic coming to the server from port 0/3.
• Create an extended ACL, and filter traffic coming from the server into port 0/3.