[c-nsp] access list help
Jay Hennigan
jay at west.net
Thu Feb 5 11:49:58 EST 2009
Deric Kwok wrote:
> I am using this 3500 switch as switch.
> As I can't access my switch now, I can get sh ip access-list
If you weren't able to save the change because you made it via IP
(telnet or HTTP), reboot the switch and you'll be able to get in again.
Otherwise, you'll need to use a console cable locally at the switch.
> You mean my access-list is only for router not switch?
IP access-lists are only for routers (or as you discovered, for
controlling traffic to the switch itself.)
> In this case, how can I do to not allow www traffic to 192.168.0.115 in
> switch?
You don't. You do it in the router. A layer 2 switch is unaware of IP
addresses or applications with regard to traffic passing through the
switch. Because the switch doesn't examine or process IP address,
protocol, or port information, it can't filter it.
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
More information about the cisco-nsp
mailing list