Allow 3389, http, https

Jun 12th, 2009

Hi!


I have a 24-port Cisco 3750 switch. Is it possible to configure any of its ports to allow only 3389, http and https requests coming from the IP Range 192.168.10.71, 192.168.10.100 Mask: 255.255.255.0 and block all other ports and IP Ranges?


Thanks!

Laurent Aubert Fri, 06/12/2009 - 12:23
User Badges:
  • Cisco Employee,

Hi,


When you translate 71 and 100 into binary, it looks like:


71: 0100 0111

100: 0110 0100


Only the first two bits never change, so the closest range to 71-100 is 64-127. So it isn't worth playing with the wildcard mask.


The ACL with the minimum number of lines will be the one with one line per IP address of the range 71-100 and per TCP port (29x3=87 lines):


access-list 100 permit tcp host 192.168.10.x any eq 3389

access-list 100 permit tcp host 192.168.10.x any eq 80

access-list 100 permit tcp host 192.168.10.x any eq 443


with 71<=x<=100


You can then apply this ACL in input on the port of the switch:


http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swacl.html#wp1667255



HTH


Laurent.
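
As an added example (not part of the reply above or of Cisco's documentation): the range 71-100 can also be split into aligned blocks that one wildcard mask each matches exactly, which goes beyond the one-line-per-host list in the reply. The function names are made up for this example; the addresses, ports and ACL number 100 come from the thread.

```python
import ipaddress

# Range and ports come from the thread; ACL number 100 follows the reply.
FIRST, LAST = "192.168.10.71", "192.168.10.100"
PORTS = (3389, 80, 443)

def wildcard_blocks(first, last):
    """Greedy split of [first, last] into aligned power-of-two blocks.

    Returns (base, wildcard) pairs; each pair matches exactly one block.
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    blocks = []
    while lo <= hi:
        # A block starting at lo can be no larger than lo's lowest set bit
        # (alignment) and no larger than what is left of the range.
        size = (lo & -lo) if lo else 1 << 32
        while size > hi - lo + 1:
            size >>= 1
        blocks.append((ipaddress.IPv4Address(lo), ipaddress.IPv4Address(size - 1)))
        lo += size
    return blocks

def acl_lines(first, last, ports, acl=100):
    """Render one permit line per block and destination TCP port."""
    lines = []
    for base, wildcard in wildcard_blocks(first, last):
        src = f"host {base}" if int(wildcard) == 0 else f"{base} {wildcard}"
        lines += [f"access-list {acl} permit tcp {src} any eq {p}" for p in ports]
    return lines

def matched_addresses(blocks):
    """Expand the blocks again to check that nothing outside the range matches."""
    return [int(base) + i for base, wc in blocks for i in range(int(wc) + 1)]

if __name__ == "__main__":
    print("\n".join(acl_lines(FIRST, LAST, PORTS)))
```

Traffic that matches none of these lines falls through to the implicit deny that ends every Cisco ACL, so no explicit deny entry is needed to block the other ports and sources.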
