Loading ...
Loading ...
Loading ...
Configuring ACL Configuration Example for ACL
User Guide 849
3.3 Configuration Example for Combined ACL
3.3.1 Network Requirements
To enhance network security, a company requires that only the network administrator can
log in to the switch through Telnet connection. The computers are connected to the switch
via port 1/0/2. The network topology is shown as below.
Figure 3-23 Network Topology
Internet
Gi1/0/1
Network administrator's PC
MAC: 6C-62-6D-F5-BA-48
Gi1/0/2
3.3.2 Configuration Scheme
To meet the requirements above, you can set up packet filtering by creating a Combined
ACL and configuring rules for it.
â– ACL Configuration
Create a Combined ACL and configure the following rules for it:
â– Configure a permit rule to match packets with source MAC address 6C-62-6D-F5-
BA-48, and destination port TCP 23. This rule allows the computer of the network
administrator to access the switch through Telnet connection.
â– Configure a deny rule to match all the packets except the packets with source MAC
address 6C-62-6D-F5-BA-48 and destination port TCP 23. This rule blocks the Telnet
connection to the switch of other computers.
â– Configure a permit rule to match all the packets. This rule allows that other devices are
given the network services except Telnet connection.
The switch matches the packets with the rules in order, starting with Rule 1. If a packet
matches a rule, the switch stops the matching process and initiates the action defined in
the rule.
Loading ...
Loading ...
Loading ...