  • Cisco switch port access list

    We have an outside computer that needs to be brought in & connected to our network but at the same time with denial to most of the critical ports such as telnet, rdp, ftp, etc. and permission to everything else (internet, voice IP phones, email outlook smtp, any other custom ports used by local applications, etc.).

    Could someone help me with how to create such an access list, either by limiting the switch port or by its IP address? I am not sure how exactly to create the access lists and where or how to apply them. Should I be using a port ACL or an IP ACL? Which would be the best way to do this?

    Cisco switches: 3750 PoE, 48 ports.
    All the ports are part of two VLANs: access & voice.

    Thanks in advance.

  • #2
    Re: Cisco switch port access list

    The 3750 supports private VLANs, so you could go that route. Another option is to create a new VLAN and a corresponding SVI on the switch and use access-lists to filter.


    ! Create the VLAN the outside machine will be placed in
    vlan 20
    !
    ! Routed interface (SVI) for VLAN 20; x.x.x.x y.y.y.y = address and subnet mask
    interface Vlan20
     ip address x.x.x.x y.y.y.y
     ! "in" on an SVI filters traffic that leaves VLAN 20 towards the switch's
     ! routed interfaces; traffic between two hosts inside VLAN 20 is not inspected
     ip access-group 100 in
    !
    ! Extended ACL: an explicit protocol (tcp) is required before "eq" can be used;
    ! x.x.x.x y.y.y.y here = source network and wildcard mask
    access-list 100 deny tcp x.x.x.x y.y.y.y any eq telnet
    access-list 100 deny tcp x.x.x.x y.y.y.y any eq ftp
    access-list 100 deny tcp x.x.x.x y.y.y.y any eq 3389
    ! Everything else (web, mail, voice, custom application ports) is allowed
    access-list 100 permit ip any any
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)
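    The original question also asked whether a port ACL would be the better choice. The configuration below is an added example, not the poster's configuration: it uses a named extended ACL applied as a port ACL (PACL) on the one switchport the outside machine is patched into, so no new VLAN or SVI is needed. The interface name, VLAN numbers and the ACL name are assumptions for a 3750 with 48 FastEthernet ports and an access/voice VLAN pair on every port; the denied ports are the ones listed in the question (telnet 23, ftp 21, rdp 3389).

```cisco
! Added example (not the poster's config). Assumed names: ACL UNTRUSTED-PC,
! port FastEthernet1/0/48, data VLAN 10, voice VLAN 20.
!
! Named extended ACL. Source "any" is fine here: because the ACL is bound
! to one physical port, the only source that can enter it is the outside
! machine (and a phone daisy-chaining it), so the host IP need not be known.
ip access-list extended UNTRUSTED-PC
 remark Deny interactive / management services from the outside PC
 deny   tcp any any eq telnet
 deny   tcp any any eq ftp
 deny   tcp any any eq 3389
 remark Everything else (DHCP, DNS, web, SMTP, voice, custom app ports) is allowed
 permit ip any any
!
! Port ACL on the Layer 2 interface. PACLs are inbound only on the 3750
! and filter every frame the port receives, including traffic to hosts in
! the same VLAN, which an SVI (router) ACL never sees.
interface FastEthernet1/0/48
 description Outside PC - restricted
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 ip access-group UNTRUSTED-PC in
 spanning-tree portfast
!
! Verification commands:
!   show ip access-lists UNTRUSTED-PC
!   show running-config interface FastEthernet1/0/48
```

    Because the PACL is bound to the port rather than to an address, the restriction follows the cable, not the machine: moving the PC to another port removes the filtering, and anything plugged into this port (the IP phone included, since its traffic also enters through this port) is subject to the same rules, which the final permit covers. If the requirement is instead to follow the machine wherever it connects, the SVI ACL above keyed on the host's address is the right tool.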
