From 85975a50aecee70c7c26eb22ced42bfacaad4306 Mon Sep 17 00:00:00 2001 From: arc Date: Tue, 28 Nov 2023 22:17:06 +0000 Subject: [PATCH 1/2] Update 'IT/Configuring a Cisco IOS Switch.md' --- IT/Configuring a Cisco IOS Switch.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/IT/Configuring a Cisco IOS Switch.md b/IT/Configuring a Cisco IOS Switch.md index 773b798..61c4028 100644 --- a/IT/Configuring a Cisco IOS Switch.md +++ b/IT/Configuring a Cisco IOS Switch.md @@ -97,6 +97,20 @@ vlan [vlan-id] no shutdown ``` +# Access list management +Access lists are created implicitly when you apply the first configuration. More docs for access list management can be found at . +### Permitting a particular network for a numbered access list +From the privileged exec terminal: +``` +access-list [access-list-num] permit [network] [wildcard-mask] +``` +`permit` can be substituted with `deny` to instead explictly deny a network. An example of a valid network could be `192.168.1.0`, and a wildcard mask for a `/24` would be `0.0.0.255`. Unless explictly stated, an access list will deny all other traffic. You can explicitly allow traffic by default for a numbered access list with `access-list [access-list-num] permit any`. + +### Denying traffic from a particular address for a numbered access list +``` +access-list [access-list-num] deny [address] +``` + # Viewing configs ### Vlan config From the privileged exec terminal: From 99335469952d0d35c13c17518a0efe1762b87702 Mon Sep 17 00:00:00 2001 From: arc Date: Tue, 28 Nov 2023 22:21:20 +0000 Subject: [PATCH 2/2] Update 'IT/Configuring a Cisco IOS Switch.md' --- IT/Configuring a Cisco IOS Switch.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/IT/Configuring a Cisco IOS Switch.md b/IT/Configuring a Cisco IOS Switch.md index 61c4028..034cf3d 100644 --- a/IT/Configuring a Cisco IOS Switch.md +++ b/IT/Configuring a Cisco IOS Switch.md @@ -20,7 +20,7 @@ configure terminal Shorthand: `conf t` ## Create/edit a vlan -[docs](https://community.cisco.com/t5/networking-knowledge-base/how-to-configure-vlans-on-the-catalyst-switches/ta-p/3131780) +[docs](https://community.cisco.com/t5/networking-knowledge-base/how-to-configure-vlans-on-the-catalyst-switches/ta-p/3131780)
From configuration mode: ``` vlan [vlan-id] @@ -34,7 +34,7 @@ name [ascii name] ``` where `[ascii name]` is the name you want to assign (EG: `Accounting`) ## Assign interfaces to a vlan -[docs](https://community.cisco.com/t5/networking-knowledge-base/how-to-configure-vlans-on-the-catalyst-switches/ta-p/3131780) +[docs](https://community.cisco.com/t5/networking-knowledge-base/how-to-configure-vlans-on-the-catalyst-switches/ta-p/3131780)
Enter interface config mode (from conf mode): Single port: ``` @@ -107,10 +107,17 @@ access-list [access-list-num] permit [network] [wildcard-mask] `permit` can be substituted with `deny` to instead explictly deny a network. An example of a valid network could be `192.168.1.0`, and a wildcard mask for a `/24` would be `0.0.0.255`. Unless explictly stated, an access list will deny all other traffic. You can explicitly allow traffic by default for a numbered access list with `access-list [access-list-num] permit any`. ### Denying traffic from a particular address for a numbered access list +From the privileged exec terminal: ``` access-list [access-list-num] deny [address] ``` +### Applying a numbered access list to a particular interface +From `config-if` mode: +``` +ip access-group [access-list-number] +``` + # Viewing configs ### Vlan config From the privileged exec terminal: @@ -134,9 +141,11 @@ From privileged exec: ``` show interface trunk ``` + ## Helpful Resources Trying to figure out where in the command hierarchy you are? - https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_46_se/command/reference/cr1/intro.pdf Wondering more about the Cisco IOS CLI? - https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_46_se/command/reference/cr1/intro.pdf -- \ No newline at end of file +Wish you knew more about a command? +- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/configuration/xe-16-5/fundamentals-xe-16-5-book/cf-cli-basics.html#:~:text=Filtering%20CLI%20Output-,Getting%20Context%2DSensitive%20Help,-Entering%20a%20question \ No newline at end of file