bluebytes1
Beginner

SG300 - ACL implementation

Hello,

I have an SG300 switch working in layer 3 mode.

I configured 3 VLANs on the switch, assigned all ports, gave IP addresses to the VLAN interfaces, etc.

Now I want to implement ACLs to permit or deny access between VLANs and hosts.

Can I apply an ACL to a whole VLAN (in or out) like on Catalyst models?

I mean, can I apply the ACL to the entire VLAN, or is the only way in this model to implement that ACL port by port?

Every time I have a new port configured to work in a VLAN, do I have to implement the ACL?

Thanks

Accepted Solutions

Yes, just go into CLI mode and use the interface range command to specify a range of switch ports.

Here is an example from my switch using a MAC-based ACL.

Hope this helps

Dave

mac access-list extended stop

deny f0:de:f1:03:c0:d4 00:00:00:00:00:00 00:08:9b:bd:92:2e 00:00:00:00:00:00 vlan 1

permit any any vlan 1

exit


interface range gigabitethernet1 - 10

service-acl input stop

exit

Remember to save your configuration with a write mem
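Because the ACL is bound per port rather than per VLAN, a port added to a VLAN later stays unfiltered until it gets its own service-acl line. The check below is an added example, not part of the original thread: it scans a saved configuration for ports in a VLAN that lack the expected ingress ACL. The sample configuration is constructed, and the `switchport access vlan` syntax and the VLAN 1 default are assumptions about how the ports are assigned.

```python
import re

# Constructed sample in the style of an SG300 running-config (not from the thread).
# Assumption: access ports carry "switchport access vlan N"; no such line means VLAN 1.
SAMPLE_CONFIG = """\
interface gigabitethernet1
 switchport access vlan 10
 service-acl input stop
!
interface gigabitethernet2
 switchport access vlan 10
!
interface gigabitethernet3
 switchport access vlan 20
 service-acl input other
!
interface gigabitethernet4
 service-acl input stop
!
interface vlan 10
 ip address 192.168.10.1 255.255.255.0
!
"""

def parse_interfaces(config):
    """Map each physical port to its access VLAN and bound ingress ACL (or None)."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.match(r"interface\s+(\S+)$", line, re.I)
        if header:  # single-token name: a physical port, not "interface vlan N"
            current = ports.setdefault(header.group(1).lower(), {"vlan": 1, "acl": None})
        elif line.lower().startswith("interface") or line in ("!", "exit"):
            current = None  # VLAN interface, range, or end of stanza
        elif current is not None:
            vlan = re.match(r"switchport access vlan (\d+)$", line, re.I)
            acl = re.match(r"service-acl input (\S+)", line, re.I)
            if vlan:
                current["vlan"] = int(vlan.group(1))
            elif acl:
                current["acl"] = acl.group(1)
    return ports

def unbound_ports(config, vlan, acl_name):
    """Ports in `vlan` with no ingress ACL bound, or with a different ACL bound."""
    return sorted(port for port, s in parse_interfaces(config).items()
                  if s["vlan"] == vlan and s["acl"] != acl_name)

if __name__ == "__main__":
    for vlan in (10, 20):
        print(vlan, unbound_ports(SAMPLE_CONFIG, vlan, "stop"))
```

Run it against a saved copy of the configuration after every port change; any port it lists needs the ACL bound before it carries traffic.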


David Hornstein
Rising star

Hi Angel,

There are a lot of posts on ACLs, and the Admin Guide chapter 17 discusses their operation.

But check out the following most interesting post.

https://supportforums.cisco.com/message/3587545#3587545

The SG300 doesn't have the ACL flexibility of a Catalyst switch. An ACL has to be attached or bound to a switch port, and the ACL then filters on ingress of frames into the switch, not egress.

Regards, Dave

David,

Thanks for your help.

So if I have 30 ports in VLAN 1 and want to apply an ACL to VLAN 1, I have to configure it 30 times, port by port? Do I have a way to set the 30 ports at one time?

Thanks.

Hi Angel,

YES, you have a way to bind the ACL to 30 ports at once via CLI.

When in CLI configuration mode, use the interface range command.

I almost gave you the syntax.



Is it possible to apply such an ACL on a trunk port?