Allow 3389, http, https

Unanswered Question
Jun 12th, 2009

Hi!

I have a 24-port Cisco 3750 switch. Is it possible to configure any of its ports to allow only 3389, http and https requests coming from the IP Range 192.168.10.71, 192.168.10.100 Mask: 255.255.255.0 and block all other ports and IP ranges?

Thanks!

Laurent Aubert Fri, 06/12/2009 - 12:23

Hi,

When you translate 71 and 100 into binary, it looks like:

71: 0100 0111

100: 0110 0100

Only the first two bits never change, so the closest range to 71-100 is 64-127. So it isn't worth playing with the wildcard mask.

The ACL with the minimum number of lines will be the one with one line per IP address of the range 71-100 and per TCP port (29x3=87 lines):

access-list 100 permit tcp host 192.168.10.x any eq 3389

access-list 100 permit tcp host 192.168.10.x any eq 80

access-list 100 permit tcp host 192.168.10.x any eq 443

with 71<=x<=100

You can then apply this ACL inbound on the port of the switch:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swacl.html#wp1667255

HTH

Laurent.
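
An added example, not part of the reply above or of Cisco's documentation: going beyond the one-line-per-host listing, this Python script splits 192.168.10.71-192.168.10.100 into blocks that each fit a single wildcard mask and renders the matching extended ACL lines. The address range, ACL number 100 and the three TCP ports are taken from the thread; the function names and the explicit final deny line are assumptions added here.

```python
import ipaddress

# Values from the thread: sources 192.168.10.71-192.168.10.100,
# TCP ports 3389/80/443, ACL number 100 as used in the reply.
FIRST = ipaddress.IPv4Address("192.168.10.71")
LAST = ipaddress.IPv4Address("192.168.10.100")
PORTS = (3389, 80, 443)
ACL_ID = 100


def source_blocks(first, last):
    """Smallest set of aligned power-of-two blocks covering exactly first..last."""
    return list(ipaddress.summarize_address_range(first, last))


def source_term(net):
    """Render a block as an IOS source: 'host A.B.C.D' or 'A.B.C.D wildcard'."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"


def build_acl(first=FIRST, last=LAST, ports=PORTS, acl_id=ACL_ID):
    """Return the ACL as a list of config lines, one per block and port."""
    lines = []
    for net in source_blocks(first, last):
        for port in ports:
            lines.append(
                f"access-list {acl_id} permit tcp {source_term(net)} any eq {port}"
            )
    # Every IOS ACL ends with an implicit deny; writing it out (an addition
    # made for this example) makes the default-drop visible in the config.
    lines.append(f"access-list {acl_id} deny ip any any")
    return lines


def permitted_hosts(first=FIRST, last=LAST):
    """Last octets matched by the blocks, to confirm nothing outside 71-100 is let in."""
    return sorted(int(addr) & 0xFF for net in source_blocks(first, last) for addr in net)


if __name__ == "__main__":
    print("\n".join(build_acl()))
```

The range breaks into five blocks (.71, .72-.79, .80-.95, .96-.99, .100), and `permitted_hosts()` lets you confirm the blocks cover exactly the intended addresses before the ACL is applied to a port.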
