[c-nsp] access list help
Deric Kwok
deric.kwok2000 at gmail.com
Wed Feb 4 13:24:47 EST 2009
>
> Thank you Tim and Steve
>
> >Is your switch being a *switch* in this case, or a *router*, ie a layer-2
> or layer-3 hop?
>
I am using this 3500 switch as a switch.
As I can't access my switch now, I can get sh ip access-list
>
> >From the config you're posting, it looks to me like you're applying the
> >traffic inbound towards the switch only - vlan1 is a layer-3 interface on
> >the switch.
>
> >Traffic that's being switched between layer-2 ports will never be
> >processed by that ACL.
>
You mean my access-list is only for a router, not a switch?
In this case, what can I do to not allow www traffic to 192.168.0.115 in
the switch?
>
> >What are the interfaces on your switch and their IP addresses?
>
The IP address of the switch is 192.168.0.118
>
>
> >Yes, if you want each of those ACLs to permit by default. The default
> >Cisco behaviour is for any traffic not matched at all by an access list to
> >be denied, ie implicit 'deny any any' at the end of every ACL.
>
Could you give me example ACLs that permit by default?
Thank you so much
>
> Regards,
> Tim.
>
>
>
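The implicit 'deny any any' described in the quoted reply, and the explicit trailing permit that makes an ACL permit by default, shown as a small first-match evaluator. This is an added example, not part of the original thread; the ACL entries, list names and test packets are constructed (only 192.168.0.115 comes from the message), and it models evaluation order only, not where the ACL is applied on the switch.

```python
# Added example: first-match ACL evaluation with the implicit deny.
# Entries and packets are constructed; only 192.168.0.115 is from the thread.
import ipaddress

PORTS = {"www": 80}  # IOS keyword for TCP port 80

def parse_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the token list; return a network."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError("unsupported address form: " + tok)

def parse_ace(line):
    """Parse one entry: <permit|deny> <ip|tcp|udp> <src> <dst> [eq <port>]."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = parse_addr(tokens), parse_addr(tokens)
    port = None
    if tokens[:1] == ["eq"]:
        port = PORTS.get(tokens[1]) or int(tokens[1])
    return action, proto, src, dst, port

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for line in acl_lines:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto not in ("ip", proto):
            continue
        if ipaddress.ip_address(src) not in a_src:
            continue
        if ipaddress.ip_address(dst) not in a_dst:
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"  # implicit 'deny any any' at the end of every ACL

# Only the deny line: everything else falls through to the implicit deny.
DENY_ONLY = ["deny tcp any host 192.168.0.115 eq www"]
# Same entry followed by an explicit permit, so unmatched traffic is allowed.
PERMIT_BY_DEFAULT = DENY_ONLY + ["permit ip any any"]
```

With `DENY_ONLY`, traffic that does not match the www entry is still dropped; with `PERMIT_BY_DEFAULT`, only www traffic to 192.168.0.115 is dropped.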