Access Control Lists (ACLs) and Access Control Entries (ACEs) Configuration on Sx200/300 Series Managed Switches


An Access Control List (ACL) is an ordered list of actions the switch performs one by one. Each action is defined by an Access Control Entry (ACE), which specifies the decision the ACL makes. An ACE can, for example, allow or deny a specific portion of the network or a network protocol. A single ACL can have more than one ACE to accomplish a given task. The Sx200/300 Series Managed Switches can have 512 ACLs and 512 ACEs.

ACLs are of great use in a network since they provide the tools to filter traffic according to the network needs, which makes the network more reliable and efficient.

ACL & ACE Configuration Articles:

MAC Based ACL and ACE Configuration on 300 Series Managed Switches

Configure IPv4-Based Access Lists on the 200/300 Series Managed Switches

IPv6-Based ACL & ACE on 300 Series Managed Switches

Bind Access Control List (ACL) to an Interface on 200/300 Series Managed Switches

CLI Examples:

time-range Weekend

periodic sat 00:00 to sun 23:59

mac access-list extended MAC

permit 00:00:00:00:10:00 00:00:00:00:00:00 any

ipv6 access-list "v6"

permit ipv6 2001::/64 2003::/64 time-range Weekend

ip access-list extended Server

permit icmp any any

permit tcp any any

permit ip any any time-range Weekend

interface Port-channel1

service-acl input Server


SG300(config-if)#do sh access

Extended IP access list Server

    permit  icmp type any code any

    permit  tcp any any

    permit  ip any any time-range Weekend

SG300(config-if)#do sh time-ran

time-range Weekend

periodic Saturday 00:00 to Sunday 23:59

SG300(config-if)#do sh int access

Interface                  ACLs

---------          -----------------------

Po1                Ingress: Server
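
The following Python model is an added example, not part of the original article or the switch software. It replays the Server ACL and the Weekend time-range from the CLI example with first-match evaluation, assuming that an ACE whose time range is inactive is skipped and that a packet matching no ACE is dropped; the function names and timestamps are constructed for illustration.

```python
from datetime import datetime

# Constructed model of the "Server" ACL from the CLI example above.
# Each ACE is (action, protocol, time-range name or None); source/destination are "any".
SERVER_ACL = [
    ("permit", "icmp", None),
    ("permit", "tcp", None),
    ("permit", "ip", "Weekend"),   # "ip" matches every IPv4 protocol
]

# "periodic sat 00:00 to sun 23:59" as (start day, "HH:MM", end day, "HH:MM").
# Days follow datetime.weekday(): Monday=0 ... Saturday=5, Sunday=6.
TIME_RANGES = {"Weekend": (5, "00:00", 6, "23:59")}


def minute_of_week(day, hhmm):
    """Convert a weekday index and "HH:MM" into minutes since Monday 00:00."""
    return day * 1440 + int(hhmm[:2]) * 60 + int(hhmm[3:])


def in_time_range(name, when):
    """True if `when` falls inside the named periodic weekly window."""
    start_day, start_hm, end_day, end_hm = TIME_RANGES[name]
    start = minute_of_week(start_day, start_hm)
    end = minute_of_week(end_day, end_hm)
    now = when.weekday() * 1440 + when.hour * 60 + when.minute
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end   # window wraps past Sunday midnight


def evaluate(acl, protocol, when):
    """First-match evaluation; returns (action, index of the matching ACE or None)."""
    for index, (action, ace_proto, time_range) in enumerate(acl):
        if time_range is not None and not in_time_range(time_range, when):
            continue                    # assumption: an inactive ACE is skipped
        if ace_proto == "ip" or ace_proto == protocol:
            return action, index
    return "deny", None                 # assumption: unmatched packets are dropped


if __name__ == "__main__":
    wednesday = datetime(2024, 1, 3, 12, 0)   # constructed timestamps
    saturday = datetime(2024, 1, 6, 12, 0)
    for proto in ("icmp", "tcp", "udp"):
        for label, when in (("Wed", wednesday), ("Sat", saturday)):
            print(proto, label, evaluate(SERVER_ACL, proto, when))
```

Under these assumptions, ICMP and TCP entering Po1 are permitted at all times, while UDP and other IPv4 protocols are permitted only inside the Weekend window.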



I'm using the SG300. Is this the same or similar as MAC Filtering?


In reading how to configure an ACL and ACE, it appears that you can only apply one ACL per interface (i.e., VLAN 1). I have 200+ devices that I want to permit access (and deny all others); however, the ACE will only let me have 31 entries per ACL.


Is there something I'm missing, or is this a limitation of the SG300?