Defining and applying an IPv4 ACL

  1. Begin defining an IPv4 ACL named FILTER_TO_HOST_B:

    switch(config)# access-list ip FILTER_TO_HOST_B

  2. Add an ACE that denies access from IP address (Host A) to (Host B):

    switch(config-acl-ip)# deny any log

  3. Add an ACE that allows access from all other IP addresses:

    switch(config-acl-ip)# permit any any any

  4. Exit the ACL definition:

    switch(config-acl-ip)# exit

  5. Enter the context of the interface to which you will apply the ACL:

    switch(config)# interface 1/1/1

  6. Apply the FILTER_TO_HOST_B ACL to inbound (ingress) traffic:

    switch(config-if)# apply access-list ip FILTER_TO_HOST_B in

  7. Show your ACL:
    switch(config-if)# exit				  
    switch# show access-list ip FILTER_TO_HOST_B
    Type       Name
      Sequence Comment
               Action                          L3 Protocol
               Source IP Address               Source L4 Port(s)
               Destination IP Address          Destination L4 Port(s)
               Additional Parameters
    IPv4       FILTER_TO_HOST_B
               deny                            any
               Logging: enabled
               Hit-counts: enabled
               permit                          any