10-12-2006 12:55 AM - edited 03-05-2019 12:12 PM
Hi
I have a 2950 Enhanced Image Catalyst switch.
My goal is to make only one destination (a specific host) available to my source address clients.
How can I use an access list for this?
10-12-2006 12:59 AM
Hi Friend,
You can configure an extended access list and apply it to the physical interfaces.
Check this link for more details:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swacl.htm#wp1092483
HTH
Ankur
10-12-2006 01:09 AM
I have this config on my switch, but it seems it doesn't work:
access-list 101 permit any 172.16.100.70 0.0.0.255
---
I also have the access-group command on the interface.
"172.16.100.70 is my target for clients"
10-12-2006 02:54 AM
Hi Friend,
What are the results? Are the clients able to reach everybody, I mean something other than the 172.16 network?
Regards,
Ankur
10-12-2006 08:50 PM
Hi,
ACLs applied to a physical interface have a limitation of one mask:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swacl.htm#wp1082773
HTH
Narayan
10-12-2006 10:25 PM
Try adding the statement below to the access list and apply it on the interface.
access-list 101 permit any host 172.16.100.70 log
Try to access this host from a few PCs and check whether your ACL is getting hit.
10-16-2006 12:26 AM
Do not use logging (log keyword) in switch access lists - all packets matching access-list rows with the log keyword must be sent to the CPU instead of being processed in hardware. This will significantly degrade the switch's performance.
//Mikhail Galiulin
10-15-2006 06:53 AM
Your ACL does not make sense.
access-list 101 permit any 172.16.100.70 0.0.0.255
You are defining a host address, but a /24 mask...
It should be access-list 101 permit any host 172.16.100.70
Jens
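The wildcard-mask point raised in the replies, as an added example that is not part of the thread: a small first-match ACL evaluator comparing the original line with the `host` form. The source address and candidate destinations are constructed, and the parser treats the protocol keyword as optional because the lines in the thread omit it.

```python
import ipaddress

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(word), ip_int(tokens.pop(0))

def parse_ace(line):
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    action, rest = tokens[2], tokens[3:]
    if rest[0] in ("ip", "tcp", "udp", "icmp"):  # optional here (assumption)
        rest.pop(0)
    src = take_spec(rest)
    dst = take_spec(rest)
    return action, src, dst  # trailing keywords such as 'log' are ignored

def matches(addr, spec):
    base, wildcard = spec
    # Wildcard bit 1 means "don't care"; bit 0 means the bit must match.
    return ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl_lines, src, dst):
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if matches(ip_int(src), s) and matches(ip_int(dst), d):
            return action
    return "deny"  # implicit deny at the end of every ACL

def permitted(acl_lines, src, candidates):
    return [d for d in candidates if evaluate(acl_lines, src, d) == "permit"]

ORIGINAL = ["access-list 101 permit any 172.16.100.70 0.0.0.255"]
FIXED = ["access-list 101 permit any host 172.16.100.70"]
# Constructed test addresses, not taken from the thread.
CLIENT = "172.16.50.10"
CANDIDATES = ["172.16.100.70", "172.16.100.1", "172.16.100.254",
              "172.16.101.70", "10.0.0.5"]

if __name__ == "__main__":
    print("original:", permitted(ORIGINAL, CLIENT, CANDIDATES))
    print("fixed:   ", permitted(FIXED, CLIENT, CANDIDATES))
```

With the 0.0.0.255 wildcard the last octet is ignored, so every address in 172.16.100.0 to 172.16.100.255 is permitted rather than the single target host.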