
ACL on CAT OS

Murugan Pambulu
Level 1

Hi,

Can anyone provide me the alternate CAT OS commands for the below IOS commands?

Switch(config)#ip access-list extended 100
Switch(config-ext-nacl)#10 permit tcp host 192.168.1.1 any eq 22
Switch(config-ext-nacl)#20 permit tcp host 192.168.2.1 any eq 22
Switch(config-ext-nacl)#exit
Switch(config)#ip access-list extended 101
Switch(config-ext-nacl)#10 permit tcp host 192.168.1.1 any eq 22
Switch(config-ext-nacl)#20 permit tcp host 192.168.2.1 any eq 22
Switch(config-ext-nacl)#exit
Switch(config)#logging 192.168.1.1
Switch(config)#logging 192.168.1.1
Switch(config)#snmp-server host 192.168.1.1 version 2c cisco
Switch(config)#snmp-server host 192.168.2.1 version 2c cisco
Switch(config)#exit
Switch#write

We have a CAT OS switch and need to apply the commands.

Thanks in advance 

8 Replies

Jon Marshall
Hall of Fame

What model switch is this?

Jon

Cisco WS-C4006

I remember working with those a very long time ago.

The issue is CatOS is L2 not L3.

The 4006 used to have a L3 part to it where you had to manually configure a port channel interface between the L2 and L3 parts.

Is there no L3 element on your switch?

Jon

I see many L3 VLANs and routing on the switch. This is an L3 switch. I just want to know the commands for ACL configurations on a CAT OS switch. Could you please help?

They should be the same.

What errors are you seeing when you try to configure an ACL?

Have you tried just -

"access-list 101 ...."

for example.

Jon

Hi Jon,

We have a monitoring tool installed on servers 192.168.1.1 & 192.168.2.1. I just want to know whether the below commands are correct in Cat OS to send logs to the monitoring server from the switch.

set ip permit 192.168.1.1
set ip permit 192.168.2.1
set snmp community read-only rosebud
set logging server 192.168.1.1
set logging server 192.168.2.1

Please advise

Hello Murugan,

From the point of view of a CATOS L2 supervisor, the proposed commands should be fine if my memory does not fail.

You can try them and verify you have SNMP access from the two hosts to the supervisor.

Hope to help

Giuseppe

Hi,

To configure L3 features with your box you need the WS-X4232-L3 module. You can check via the "show module" CatOS (enable) command. If present, you can connect to the module via the "session module#" CatOS command and start your configuration there. There are certain restrictions and limitations; the discussion of these is beyond the scope of this forum.

The basic document to follow is this:

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/6198-28.html

Good Luck!

Best regards,

Antonin
