
SG300 - ACL implementation

bluebytes1
Level 1

Hello,

I have an SG300 switch working in layer 3 mode.

I configured 3 VLANs on the switch, assigned all ports, gave IP addresses to the VLAN interfaces, etc.

Now I want to implement ACLs to permit or deny access between VLANs and hosts.

Can I apply an ACL to a whole VLAN (in or out) like on Catalyst models?

I mean, can I apply the ACL to the entire VLAN, or is the only way on this model to implement that ACL port by port?

Every time I have a new port configured to work in a VLAN, do I have to implement the ACL?

Thanks

1 Accepted Solution


Yes, just go into CLI mode and use the interface range command to specify a range of switch ports.

Here is an example from my switch using a MAC-based ACL.

Hope this helps.

Dave

mac access-list extended stop
deny f0:de:f1:03:c0:d4 00:00:00:00:00:00 00:08:9b:bd:92:2e 00:00:00:00:00:00 vlan 1
permit any any vlan 1
exit

interface range gigabitethernet1 - 10
service-acl input stop
exit

Remember to save your configuration with a write mem
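
Because the ACL is bound per port rather than per VLAN, a port added to a VLAN later carries no filter until someone binds it. The following is an added example, not part of the thread and not Cisco's code: it audits a saved configuration for ports in a given VLAN that lack the expected `service-acl input` binding. The sample configuration is constructed, and the stanza layout it parses (`interface gigabitethernetN`, `switchport access vlan N`, `!` as separator) is an assumption about how the configuration is written out.

```python
import re

# Constructed sample, not taken from a real switch. Assumed layout: one
# "interface <port>" stanza per port, closed by "!".
SAMPLE_CONFIG = """\
interface gigabitethernet1
 switchport access vlan 10
 service-acl input stop
!
interface gigabitethernet2
 switchport access vlan 10
!
interface gigabitethernet3
 switchport access vlan 20
 service-acl input stop
!
interface gigabitethernet4
 service-acl input other
!
"""

IFACE = re.compile(r"^interface\s+(\S+)$", re.I)  # skips "interface vlan 10"
VLAN = re.compile(r"^switchport access vlan\s+(\d+)$", re.I)
ACL = re.compile(r"^service-acl input\s+(\S+)", re.I)

def parse_ports(config):
    """Map port -> {"vlan", "acl"}; a port with no access VLAN line is
    assumed to sit in VLAN 1, and "acl" is None when nothing is bound."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := IFACE.match(line):
            current = ports.setdefault(m.group(1), {"vlan": 1, "acl": None})
        elif line == "!":
            current = None
        elif current is not None:
            if m := VLAN.match(line):
                current["vlan"] = int(m.group(1))
            elif m := ACL.match(line):
                current["acl"] = m.group(1)
    return ports

def unprotected_ports(config, vlan, acl_name):
    """Ports in `vlan` whose ingress ACL is missing or is not `acl_name`."""
    return sorted(port for port, cfg in parse_ports(config).items()
                  if cfg["vlan"] == vlan and cfg["acl"] != acl_name)

if __name__ == "__main__":
    for port in unprotected_ports(SAMPLE_CONFIG, 10, "stop"):
        print(f"{port}: in VLAN 10 but not bound to ACL 'stop'")
```

Run against the constructed sample, it reports gigabitethernet2, the VLAN 10 port that was never bound.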



5 Replies

David Hornstein
Level 7

Hi Angel,

There are a lot of posts on ACLs, and the Admin Guide chapter 17 discusses their operation.

But check out the following most interesting post.

https://supportforums.cisco.com/message/3587545#3587545

The SG300 doesn't have the ACL flexibility of a Catalyst switch. An ACL has to be attached or bound to a switch port, and the ACL then filters on ingress of frames into the switch, not egress.

regards Dave

David,

Thanks for your help.

So if I have 30 ports in VLAN 1 and want to apply an ACL to VLAN 1, do I have to configure it 30 times, port by port? Do I have a way to set the 30 ports at one time?

Thanks.

Hi Angel,

YES, you have a way to bind the ACL to 30 ports at once via CLI.

When in CLI configuration mode, use the interface range command.

I almost gave you the syntax.


Is it possible to apply such an ACL on a trunk port?
