Defining and applying an IPv4 ACL

On the 6400 Switch Series, interface identification differs.

Procedure
  1. Begin defining an IPv4 ACL named FILTER_TO_HOST_B:

    switch(config)# access-list ip FILTER_TO_HOST_B

  2. Add an ACE that denies access from IP address 192.168.1.2 (Host A) to 192.168.2.2 (Host B):

    switch(config-acl-ip)# deny any 192.168.1.2 192.168.2.2 log

  3. Add an ACE that allows access from all other IP addresses:

    switch(config-acl-ip)# permit any any any

  4. Exit the ACL definition:

    switch(config-acl-ip)# exit

  5. Enter the context of the interface to which you will apply the ACL:

    switch(config)# interface 1/1/1

  6. Apply the FILTER_TO_HOST_B ACL to inbound (ingress) traffic:

    switch(config-if)# apply access-list ip FILTER_TO_HOST_B in

  7. Show your ACL:
    switch(config-if)# exit				  
    switch# show access-list ip FILTER_TO_HOST_B
    Type       Name
      Sequence Comment
               Action                          L3 Protocol
               Source IP Address               Source L4 Port(s)
               Destination IP Address          Destination L4 Port(s)
               Additional Parameters
    -------------------------------------------------------------------------------
    IPv4       FILTER_TO_HOST_B
            10
               deny                            any
               192.168.1.2
               192.168.2.2
               Logging: enabled
               Hit-counts: enabled
            20
               permit                          any
               any
               any
    -------------------------------------------------------------------------------