cisco acl（思科ACL）.doc

cisco acl(思科ACL)
In Cisco there are three options, the function of scheme 1 and 2 are the same, that is bound to specific switch ports on the specific host MAC address (NIC hardware address), scheme 3 is in the switch port and bind specific host MAC address (NIC address and IP address).
Scenario 1 -- port based MAC address binding:
The CISCO 2950 switch for example, log into the switch, input password management enter configuration mode, typing mand:
Switch#config terminal # enter configuration mode
Switch (config) Interface 01 # # into specific port configuration mode
Switch (config-if) switchport port-security mac-address MAC (host's MAC address)
# configure the port to bind the host MAC address.
Switch (config-if) no switchport port-security mac-address MAC (host's MAC address)
# binds the MAC address of the host
Note: the mand set the switch on a specific MAC address to a port binding, so that only the host can use work, if the host card for a replacement or other PC machine to use
through the work are not available, unless the deletion or modification of the port binding MAC address to normal use. (the above functions are applicable to CISCO 2950, 3550, 4500, 6500 series switches)
Scenario 2 -- an extended access list based on MAC address
Switch (config) Mac access-list extended MAC10
# define an MAC address access control list and named the list named MAC10
Switch (config) permit host any
# defined MAC address for the host can access any host
Switch (config) interface fa020
# into the specific configuration of the port mode
Switch (config) MAC access-group MAC10 in
# application called MAC10 access list on that port (the access policy we define)
Switch (config) no MAC access-list extended MAC10
# clear called MAC10 access list
This function is basically the same as the application, but it is a MAC address access control list limit based on port, which can limit the specific source MAC address and destinati