almoncad
Level 1

An Access Control List (ACL) is an ordered list of actions the switch performs one by one. Each action is defined by an Access Control Entry (ACE) which specifies the decisions the ACL must perform. These ACEs can perform tasks such as allowing or denying a specific network portion, or a network protocol. A single ACL can have more than one ACE to accomplish a given task. The Sx200/300 Series Managed Switches can have 512 ACLs and 512 ACEs.

ACLs are of great use in a network since they provide the tools to filter traffic according to the network needs, which makes the network more reliable and efficient.

ACL & ACE Configuration Articles:

MAC Based ACL and ACE Configuration on 300 Series Managed Switches

Configure IPv4-Based Access Lists on the 200/300 Series Managed Switches

IPv6-Based ACL & ACE on 300 Series Managed Switches

Bind Access Control List (ACL) to an Interface on 200/300 Series Managed Switches

Was this information Helpful? Please leave us your feedback.

Comments
jialbert
Level 1

CLI Examples:

time-range Weekend
 periodic sat 00:00 to sun 23:59
mac access-list extended MAC
 permit 00:00:00:00:10:00 00:00:00:00:00:00 any
ipv6 access-list "v6"
 permit ipv6 2001::/64 2003::/64 time-range Weekend
ip access-list extended Server
 permit icmp 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255 any any
 permit tcp 192.168.1.0 0.0.0.255 any 172.16.1.0 0.0.0.255 any
 permit ip any any time-range Weekend
interface Port-channel1
 service-acl input Server
!

SG300(config-if)#do sh access
Extended IP access list Server
    permit  icmp 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255 type any code any
    permit  tcp 192.168.1.0 0.0.0.255 any 172.16.1.0 0.0.0.255 any
    permit  ip any any time-range Weekend

SG300(config-if)#do sh time-ran
time-range Weekend
periodic Saturday 00:00 to Sunday 23:59

SG300(config-if)#do sh int access
Interface          ACLs
---------          -----------------------
Po1                Ingress: Server

SG300(config-if)#
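
The following is an added example, not part of the original article or of the comment above: a small Python model of how the ACEs of the Server ACL are walked in order (first match wins, wildcard-mask matching, the Weekend time range, and a drop when no ACE matches). The function names are hypothetical, and ports and ICMP type/code are ignored because every one of them is `any` in the sample.

```python
import ipaddress
from datetime import datetime

# ACEs of the "Server" ACL exactly as posted in the comment above.
SERVER_ACL = """\
permit icmp 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255 any any
permit tcp 192.168.1.0 0.0.0.255 any 172.16.1.0 0.0.0.255 any
permit ip any any time-range Weekend
"""
# "periodic sat 00:00 to sun 23:59": active all of Saturday and Sunday.
TIME_RANGES = {"Weekend": lambda now: now.weekday() in (5, 6)}

def _addr(tok):
    """Consume 'any' or 'A.B.C.D wildcard'; return (network, care-bits mask)."""
    if tok[0] == "any":
        del tok[0]
        return 0, 0
    net, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
    del tok[:2]
    care = ~wild & 0xFFFFFFFF   # 1-bits in a wildcard mean "don't care"
    return net & care, care

def parse_ace(line):
    tok = line.split()
    ace = {"action": tok.pop(0), "proto": tok.pop(0)}
    ace["src"] = _addr(tok)
    if ace["proto"] in ("tcp", "udp"):
        tok.pop(0)              # source port ('any' in this sample, ignored)
    ace["dst"] = _addr(tok)
    ace["time"] = tok[tok.index("time-range") + 1] if "time-range" in tok else None
    return ace

def evaluate(acl_text, proto, src, dst, now):
    """Return (action, number of the matching ACE); the first match wins."""
    s, d = (int(ipaddress.IPv4Address(a)) for a in (src, dst))
    for n, line in enumerate(acl_text.strip().splitlines(), 1):
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", proto):
            continue
        if ace["time"] and not TIME_RANGES[ace["time"]](now):
            continue            # ACE is inactive outside its time range
        (sn, sm), (dn, dm) = ace["src"], ace["dst"]
        if s & sm == sn and d & dm == dn:
            return ace["action"], n
    return "deny", None         # no ACE matched: the packet is dropped

if __name__ == "__main__":
    wed = datetime(2024, 1, 3, 12, 0)   # constructed weekday timestamp
    print(evaluate(SERVER_ACL, "udp", "192.168.1.25", "172.16.1.10", wed))
```

Running the same flows with a Saturday timestamp shows that ACE 3 permits any IP traffic for the whole weekend, so during that window the first two entries no longer restrict anything arriving on Port-channel1.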

almoncad
Level 1

Thank you

Since1953
Level 1

I'm using the SG300. Is this the same or similar as MAC Filtering?

 

In reading how to configure an ACL and ACE, it appears that you can only apply one ACL per interface (i.e., VLAN 1). I have 200+ devices that I want to permit access (and deny all others) however, the ACE will only let me have 31 entries per ACL. 

 

Is there something I'm missing, or is this a limitation of the SG300? 
