[c-nsp] access list help

Jay Hennigan jay at west.net
Thu Feb 5 11:49:58 EST 2009


Deric Kwok wrote:

> I am using this 3500 switch as switch.
> As I can't access my switch now, I can get sh ip access-list

If you weren't able to save the change because you made it via IP
(telnet or HTTP), reboot the switch and you'll be able to get in again.
Otherwise, you'll need to use a console cable locally at the switch.

> You mean my access-list is only for router not switch?

IP access-lists are only for routers (or as you discovered, for 
controlling traffic to the switch itself.)

> In this case, how can I do to not allow www traffic to 192.168.0.115 in
> switch?

You don't.  You do it in the router.  A layer 2 switch is unaware of IP 
addresses or applications with regard to traffic passing through the 
switch.  Because the switch doesn't examine or process IP address, 
protocol, or port information, it can't filter it.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
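
The router-side filter described in the reply above, as an added example that is not part of the original post. The ACL number 101 and the interface FastEthernet0/1 (taken here to be the router interface facing the segment that holds 192.168.0.115) are assumptions.

```cisco
! Added example. ACL number and interface name are assumptions.
! Apply this on the router, not on the layer 2 switch.
!
! When changing ACLs over telnet, schedule a reload first so that an
! unsaved mistake is undone automatically if the session is cut off:
!   (exec)  reload in 10
!
access-list 101 remark Block web traffic to 192.168.0.115
access-list 101 deny   tcp any host 192.168.0.115 eq www
! Every ACL ends in an implicit "deny ip any any"; without the next
! line all other traffic on the interface would be dropped as well.
access-list 101 permit ip any any
!
interface FastEthernet0/1
 description LAN segment containing 192.168.0.115 (assumed)
 ip access-group 101 out
!
! Once access is confirmed and the match counters look right:
!   (exec)  show ip access-lists 101
!   (exec)  reload cancel
!   (exec)  copy running-config startup-config
```

This only affects traffic that is routed through that interface. Hosts on the same segment as 192.168.0.115 reach it through the switch without passing the router, so the ACL never sees their traffic.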

