Access Security Guide K/KA/KB.15.15

Example
Suppose you want to create an extended ACL for an RACL application to fulfill the following
requirements (assume a subnet mask of 255.255.255.0 and a TFTP server at 10.10.10.1):
• ID: "LIST-20-IN"
• Deny Telnet access to a server at 10.10.10.100 on VLAN 10 from these three addresses on
  VLAN 20 with ACL logging:
    10.10.20.17
    10.10.20.23
    10.10.20.40
• Allow any access to the server from all other addresses on VLAN 20.
• Permit internet access to these two addresses on VLAN 20, but deny access to all other addresses
  on VLAN 20 (without ACL logging):
    10.10.20.98
    10.10.20.21
• Deny all other IPv4 traffic from VLAN 20 to VLAN 10.
• Deny all IPv4 traffic from VLAN 30 (10.10.30.0) to the server at 10.10.10.100 on VLAN 10
  (without ACL logging), but allow any other IPv4 traffic from VLAN 30 to VLAN 10.
• Deny all other inbound IPv4 traffic to VLAN 20. (Hint: The Implicit Deny can achieve this
  objective.)
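Because an ACL acts on the first ACE that matches and ends with the Implicit Deny, the order of the entries decides whether the requirements above are met. The following added example (not part of this guide and not switch CLI) models the VLAN 20 requirements as an ordered list and evaluates sample packets against it. The ACE ordering, the external address 203.0.113.9, and the omission of the VLAN 30 requirement are assumptions of the example.

```python
import ipaddress

SERVER = "10.10.10.100/32"
VLAN10 = "10.10.10.0/24"
VLAN20 = "10.10.20.0/24"
ANY = "0.0.0.0/0"
TELNET = 23

# (action, protocol, source, destination, destination port or None, log)
# Listed in match order. This ordering is the example's interpretation of
# the VLAN 20 requirements; it is not the command file from the guide.
ACES = [
    ("deny", "tcp", f"{host}/32", SERVER, TELNET, True)
    for host in ("10.10.20.17", "10.10.20.23", "10.10.20.40")
] + [
    ("permit", "ip", VLAN20, SERVER, None, False),
    ("deny", "ip", VLAN20, VLAN10, None, False),
    ("permit", "ip", "10.10.20.98/32", ANY, None, False),
    ("permit", "ip", "10.10.20.21/32", ANY, None, False),
]


def evaluate(src, dst, proto="ip", dport=None, aces=ACES):
    """Return (action, logged) for the first matching ACE, else the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, ace_proto, ace_src, ace_dst, ace_port, log in aces:
        # An "ip" ACE matches any IPv4 protocol; a "tcp" ACE matches only TCP.
        if ace_proto != "ip" and ace_proto != proto:
            continue
        if ace_port is not None and ace_port != dport:
            continue
        if s in ipaddress.ip_network(ace_src) and d in ipaddress.ip_network(ace_dst):
            return action, log
    return "deny", False  # Implicit Deny: no explicit ACE matched


if __name__ == "__main__":
    # Constructed sample packets: (source, destination, protocol, dest port)
    samples = [
        ("10.10.20.17", "10.10.10.100", "tcp", TELNET),
        ("10.10.20.50", "10.10.10.100", "tcp", TELNET),
        ("10.10.20.98", "10.10.10.5", "ip", None),
        ("10.10.20.98", "203.0.113.9", "ip", None),
        ("10.10.20.50", "203.0.113.9", "ip", None),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
```

Passing a reordered list as aces shows the effect of a misplaced entry: if the permit for VLAN 20 to the server precedes the three Telnet denies, those denies never match and nothing is logged.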
1. Create a .txt file with the content shown in Figure 197.
Figure 197 A .txt file designed for creating an ACL
2. After copying the above .txt file to a TFTP server that the switch can access, execute the following
command:
    copy tftp command-file 10.10.10.1 LIST-20-IN.txt pc
In this example, the CLI shows the following output to indicate that the ACL was successfully
downloaded to the switch:
286 IPv4 Access Control Lists (ACLs)