05-04-2005 02:48 AM - edited 03-02-2019 10:40 PM
Hi,
This is my switch configuration:
Current configuration : 3727 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Switch1
!
enable secret xxx
enable password xxx
!
ip subnet-zero
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
no ip address
.
.
.
!
interface FastEthernet0/40
no ip address
!
interface FastEthernet0/41
no ip address
!
interface FastEthernet0/42
no ip address
!
interface FastEthernet0/43
no ip address
!
interface FastEthernet0/44
no ip address
!
interface FastEthernet0/45
no ip address
!
interface FastEthernet0/46
no ip address
!
interface FastEthernet0/47
no ip address
!
interface FastEthernet0/48
switchport mode access
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 192.168.100.13 255.255.255.0
ip access-group 105 in
!
ip http server
!
access-list 101 deny udp any eq bootps any
access-list 101 deny udp any eq bootpc any
access-list 101 permit ip any any
access-list 105 permit ip 192.168.100.0 0.0.0.255 any
access-list 105 permit ip 192.168.101.0 0.0.0.255 any
access-list 105 permit ip 192.168.102.0 0.0.0.255 any
access-list 105 permit ip 123.x.x.x.0.0.255 any
access-list 105 permit ip any host 222.33.111.58
access-list 105 permit ip any host 222.33.111.59
access-list 105 permit ip any host 222.33.111.81
access-list 105 permit ip any host 222.33.111.145
access-list 105 permit ip any host 222.33.111.147
access-list 105 permit ip any host 222.33.111.148
access-list 105 permit ip any host 222.33.111.168
access-list 105 permit ip any host 222.33.111.242
access-list 105 permit ip any host 222.33.110.9
access-list 105 permit ip any host 222.33.110.144
access-list 105 permit ip any host 222.33.110.218
access-list 105 permit ip any host 222.33.110.225
snmp-server engineID local xxxx
snmp-server community public RO
!
line con 0
line vty 0 4
password xxx
login
line vty 5 15
password xxx
login
!
end
As you saw I have created 2 access lists, but none of them works when I applied them to the switch interfaces.What is the reason?
Bijan
05-04-2005 03:47 AM
Can you paste the Show version Please.
Thanks
Amit Singh
05-05-2005 04:18 AM
Thank you Amit
The software image of switch is EI (Enhanced Image).
I want to apply ACL to interface vlan1.Do I have to execute "switchport mode access" command on all physical interfaces of the switch?
05-04-2005 05:45 AM
as per ur config. you didnt apply acesslist 101 to any where ...!!!!
05-04-2005 08:33 PM
I've checked both acls on f0/1,they didn't work.
05-04-2005 10:23 PM
is ur box is L2 or L3 ???
05-04-2005 06:50 AM
Standard IP access lists are Layer-3 only and will NOT work on a L2 switchport. You'll need to use a VLAN ACL (assuming your device supports them).
Chris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide