Cisco Support Community
New Member

ACL on Cat 2924

All responses are welcomed!

I have a Cat 2924 with a basic configuration running Version 12.0(5.1)XP. I am trying to limit access to our payroll server. Only the default VLAN is configured. After applying the following ACL, PCs other than the ones listed in the permit statements were able to ping the server. Can anyone explain what I am doing wrong or give me some direction to look for a correct configuration?

access-list 101 remark Limits access to the Payroll server
access-list 101 permit ip host 172.16.1.179 host 172.16.1.35
access-list 101 permit ip host 172.16.1.169 host 172.16.1.35
access-list 101 permit ip host 172.16.1.130 host 172.16.1.35
access-list 101 permit ip host 172.16.1.180 host 172.16.1.35
access-list 101 permit ip host 172.16.1.172 host 172.16.1.35
access-list 101 permit ip host 172.16.1.145 host 172.16.1.35
access-list 101 permit ip host 172.16.1.171 host 172.16.1.35
access-list 101 permit ip host 172.16.1.29 host 172.16.1.35
access-list 101 deny ip any host 172.16.1.35
access-list 101 permit ip any any
!
int vlan 1
 ip access-group 101 in
!

Thanks in advance for any and all responses!

Steve

4 REPLIES
Cisco Employee

Re: ACL on Cat 2924

Access-lists are not supported on the XL series switches. The CLI might accept the commands, but they will not work.

New Member

Re: ACL on Cat 2924

Thank you for your quick response! I guess that's why it didn't work... but that does not explain my missing hair. :-)

Steve

Re: ACL on Cat 2924

Hi,

to be exact:

Access lists DO work on Cat2924.

But you can assign them only to the virtual MANAGEMENT INTERFACE (int VLAN1, e.g.).

So you can limit the access to the switch management interface and allow only your management station to telnet to it, e.g.

BUT you can't limit access from a device inside VLAN1 to another device based on IP addresses. This is an L3 functionality not provided by Cat2924.

Regards,

Milan

New Member

Re: ACL on Cat 2924

If you don't want to allow pings, you must implicitly deny ICMP packets...
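To separate the question of the ACL's logic from the platform limitation the replies describe, here is a small first-match ACL evaluator, added as an example (not code from this thread or from Cisco), run against ACL 101 exactly as Steve posted it. Entries with protocol `ip` match every IP protocol, ICMP included, so in the simulation a ping from an unlisted host to 172.16.1.35 hits the deny line while listed hosts are permitted; the `reachability` helper name and the `any`/`host`-only parsing are assumptions of this example.

```python
import ipaddress
# ACL 101 exactly as posted in the question above (not a constructed sample).
ACL_TEXT = """
access-list 101 remark Limits access to the Payroll server
access-list 101 permit ip host 172.16.1.179 host 172.16.1.35
access-list 101 permit ip host 172.16.1.169 host 172.16.1.35
access-list 101 permit ip host 172.16.1.130 host 172.16.1.35
access-list 101 permit ip host 172.16.1.180 host 172.16.1.35
access-list 101 permit ip host 172.16.1.172 host 172.16.1.35
access-list 101 permit ip host 172.16.1.145 host 172.16.1.35
access-list 101 permit ip host 172.16.1.171 host 172.16.1.35
access-list 101 permit ip host 172.16.1.29 host 172.16.1.35
access-list 101 deny ip any host 172.16.1.35
access-list 101 permit ip any any
"""

def _addr(tok):
    """Consume one address spec; only the 'any' and 'host A.B.C.D' forms are handled here."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    raise ValueError(f"unsupported address form: {tok[0]}")

def load_acl(text):
    """Parse extended ACL lines into (action, proto, src, dst) tuples; remarks skipped, order kept."""
    acl = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[2] == "remark":
            continue
        src, rest = _addr(tok[4:])
        dst, _ = _addr(rest)
        acl.append((tok[2], tok[3], src, dst))
    return acl

def evaluate(acl, src_ip, dst_ip, proto):
    """First matching entry wins; a packet matching nothing hits the implicit 'deny ip any any'.
    Protocol 'ip' in an entry matches every IP protocol, so an ICMP echo is covered by it."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, ace_proto, src, dst in acl:
        if ace_proto in ("ip", proto) and s in src and d in dst:
            return action
    return "deny"

def reachability(acl, sources, server="172.16.1.35", proto="icmp"):
    """Map each source host to the permit/deny verdict for the given protocol towards the server."""
    return {h: evaluate(acl, h, server, proto) for h in sources}
```

Because the entries evaluate as intended, the behaviour Steve saw is consistent with the replies above: the Cat2924 does not apply the list to traffic between devices inside VLAN1.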
