Defining and applying an IPv4 ACL

Procedure

  1. Begin defining an IPv4 ACL named FILTER_TO_HOST_B:

    2. switch(config)#access-list ip FILTER_TO_HOST_B

  2. Add an ACE that denies access from IP address 192.168.1.2 (Host A) to 192.168.2.2 (Host B):

    3. switch(config-acl-ip)#deny any 192.168.1.2 192.168.2.2 log

  3. Add an ACE that allows access from all other IP addresses:

    4. switch(config-acl-ip)#permit any any any

  4. 退出ACL定义:

    5. switch(config-acl-ip)#exit

  5. Enter the context of the interface to which you will apply the ACL:

    6. switch(config)#interface 1/1/1

  6. Apply the FILTER_TO_HOST_B ACL to inbound (ingress) traffic:

    7. switch(config-if)#apply access-list ip FILTER_TO_HOST_B in

  7. Show your ACL:
    switch(config-if)#exitswitch#显示访问列表ip FILTER_TO_HOST_BType Name Sequence Comment Action L3 Protocol Source IP Address Source L4 Port(s) Destination IP Address Destination L4 Port(s) Additional Parameters ------------------------------------------------------------------------------- IPv4 FILTER_TO_HOST_B 10 deny any 192.168.1.2 192.168.2.2 Logging: enabled Hit-counts: enabled 20 permit any any any -------------------------------------------------------------------------------