Blocking 8010 port servers communication

Mar 19th, 2009

Hi.


How can I block the communication between two servers on port 8010 on a 4506 switch? Can I do it with access lists?


Thanks in advance,


[email protected]

Jon Marshall Thu, 03/19/2009 - 09:51

Yes you can.


If the servers are on different vlans then you can just use standard ACLs on the L3 vlan interfaces.


If the servers are on the same vlan then you can use vlan maps to restrict access.


See this link for 4500 acl configuration details -


http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/44sg/configuration/guide/secure.html


Jon

rmarulandazapata Thu, 03/19/2009 - 11:34

Thank you very much Jon.


Then for my case the setup would be:


Switch(config)# ip access-list extended 8010
Switch(config-ext-nacl)# permit udp host x.x.x.x host x.x.x.x eq 8010
Switch(config-ext-nacl)# exit


Next, create a VLAN access map named map2 so that traffic that matches the http access list is dropped and all other IP traffic is forwarded, as follows:


Switch(config)# vlan access-map map2 10
Switch(config-access-map)# match ip address 8010
Switch(config-access-map)# action drop
Switch(config-access-map)# exit
Switch(config)# ip access-list extended match_all
Switch(config-ext-nacl)# permit ip any any
Switch(config-ext-nacl)# exit
Switch(config)# vlan access-map map2 20
Switch(config-access-map)# match ip address match_all
Switch(config-access-map)# action forward


Then, apply the VLAN access map named map2 to VLAN 1, as follows:


Switch(config)# vlan filter map2 vlan 1


Would this block traffic to this port in both directions?


Thanks again,


[email protected]
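
An added example, not part of the thread and not Cisco's own configuration: a VLAN map has no in/out keyword, so which packets are dropped depends only on the source and destination written in the ACL entries it matches. The sketch below lists both directions explicitly; the ACL names and the 192.0.2.x server addresses are placeholders, and udp is kept from the post above.

```cisco
! Added example. 192.0.2.10 (server A) and 192.0.2.20 (server B)
! are placeholder addresses; BLOCK-8010 and MATCH-ALL are
! hypothetical ACL names.
ip access-list extended BLOCK-8010
 ! A -> B, destination port 8010
 permit udp host 192.0.2.10 host 192.0.2.20 eq 8010
 ! B -> A, destination port 8010
 permit udp host 192.0.2.20 host 192.0.2.10 eq 8010
 ! Datagrams sent from port 8010 (source port match), either way
 permit udp host 192.0.2.20 eq 8010 host 192.0.2.10
 permit udp host 192.0.2.10 eq 8010 host 192.0.2.20
!
ip access-list extended MATCH-ALL
 permit ip any any
!
! Sequence 10: anything BLOCK-8010 "permits" (matches) is dropped
vlan access-map map2 10
 match ip address BLOCK-8010
 action drop
! Sequence 20: all other IP traffic in the VLAN is forwarded
vlan access-map map2 20
 match ip address MATCH-ALL
 action forward
!
! Same form as in the post; applies the map to VLAN 1
vlan filter map2 vlan 1
```

In a VLAN map, a permit entry in the matched ACL only selects the traffic; the access-map's action decides whether it is dropped or forwarded. If the service on 8010 runs over TCP, the same entries are needed with tcp in place of udp.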
