VLAN ACLs

Jul 24th, 2008

Hello All,

I would like to know whether I can define an ACL on my 3750. I would like to make an ACL which has permits for the ports and services (used by servers) which I defined, and an any any option to log to syslog. Is there any possibility to do that?


Thanks

Correct Answer
Sebastian Helmer Thu, 07/24/2008 - 03:25

Hello,

Would this help you? An extended ACL.

Here is an example. You only need to bind this ACL to an interface.

config terminal

"For all services and ports with the same ACL number"

access-list 102 permit tcp "source+wildcard" "destination+wildcard" eq "Port or service"

access-list 102 deny ip any any

Best regards,

Sebastian

maciejwrax Thu, 07/24/2008 - 03:45

Could you explain "source+wildcard" to me? I have an example: one port to one server, and I have a service on port 1233 (Veritas Backup) that must be permitted... so what must the syntax be?

Best regards, Maciek

maciejwrax Thu, 07/24/2008 - 04:24

Ooh, I think I've got the answer:

access-list access-list-number {permit | deny} protocol source
source-wildcard [operator source-port] destination destination-wildcard
[operator destination-port] [precedence precedence-number] [tos tos]
[established] [log | log-input]

Please correct me if I'm wrong.

Sebastian Helmer Thu, 07/24/2008 - 04:31

That is exactly what I mean. I only tried to explain it with an example.

Here is what I would try.

access-list 102 permit tcp any 10.6.4.5 0.0.0.0 eq 1233


Sebastian
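
Added example, not part of the thread: a small Python model of how the "source+wildcard" fields and top-down, first-match evaluation of an extended ACL work, using the permit line posted above plus a catch-all deny with the log keyword the original question asked about. The names ACL_102, parse and evaluate are made up for this sketch, the test addresses are constructed, and only the syntax subset used in this thread (any, host, address plus wildcard, numeric eq, log) is handled.

```python
import ipaddress

# Constructed sample: the thread's permit line plus a logged catch-all deny.
ACL_102 = """\
access-list 102 permit tcp any 10.6.4.5 0.0.0.0 eq 1233
access-list 102 deny ip any any log
"""

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(text):
    """Parse the subset of extended-ACL syntax used in this thread."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        action, proto = tok[2], tok[3]
        tok = tok[4:]
        src, dst = _addr(tok), _addr(tok)
        port = None
        if tok[:1] == ["eq"]:  # operator after the destination = destination port
            port, tok = int(tok[1]), tok[2:]
        rules.append((action, proto, src, dst, port, "log" in tok))
    return rules

def _match(ip, base, wildcard):
    # Wildcard bit 1 = ignore this bit, bit 0 = must equal the rule's address bit.
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(rules, proto, src, dst, dport=None):
    """Return (action, logged) for the first matching entry, top to bottom."""
    for action, rproto, s, d, port, log in rules:
        if rproto not in ("ip", proto):
            continue
        if not (_match(src, *s) and _match(dst, *d)):
            continue
        if port is not None and port != dport:
            continue
        return action, log
    return "deny", False  # implicit deny that ends every ACL; it does not log
```

Without an explicit final deny entry carrying log, dropped traffic falls through to the implicit deny and produces no syslog message, which is why the catch-all line is written out.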
