
Access-list in Cisco 3560 Series Switch

helios999
Level 1

Guys,

I will be implementing access-lists in a 3560 switch. Hope you can help me with the configuration. I'm planning to block all ports by default and only allow ports that users need to access. The ports will be as follows: TCP 80, 81, 8080, 25, 110, 143; UDP 23 and the port used by the IP phone.

Hope you can help me guys.

Thanks,

John

5 Replies

Leo Laohoo
Hall of Fame

ip access-list extended yabba-dabba-doo

permit tcp any any eq 80 81 8080 25 110 143

permit udp any any eq 23

and then don't forget to call this access-list on the interface or VLAN you want to apply it to.

You can use a number for the ACL > 100 or a name as indicated earlier.

If you go with just a number :

access-list 100 permit tcp any any eq 80 81 ...

access-list 100 permit udp any any eq 23

int g1/0/1

ip access-group NAME in

OR

ip access-group 100 in

As for example :

NMS-3750-A(config-if)#ip acc

NMS-3750-A(config-if)#ip access-group ?

<1-199> IP access list (standard or extended)

<1300-2699> IP expanded access list (standard or extended)

WORD Access-list name

Thanks for the reply, lavramov. I have one more concern: how about my plan to block all ports, then allow the ports that users will use one by one?

Do you have any idea how to do it?

What both Leo and Lucien showed would do that.

ACLs terminate with an implicit deny everything. So, the shown examples define the ports permitted and block everything else. BTW, you can explicitly define an ACL entry to block traffic too. However, since ACLs are processed in sequence, the "default" shouldn't be the first entry or you'll block all traffic.
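To make the evaluation order concrete, here is a small Python simulator written for this thread (it is not Cisco code and not from any reply). It parses the named ACL Leo posted plus a constructed "deny first" variant, then walks each entry top to bottom the way IOS does: first match wins, and a packet matching no entry hits the implicit deny at the end. The Packet model (protocol and destination port only) and the restricted syntax it accepts are deliberate simplifications; the UDP 53 sample shows that anything not listed, DNS included, is dropped, which is why a whitelist ACL needs every required service enumerated.

```python
# Added example for this thread: a minimal simulator of how a Cisco IOS extended
# ACL is evaluated (top to bottom, first match wins, implicit deny at the end).
# Illustrative code written for the discussion, not Cisco software. The ACL text
# below is the named ACL from the reply above; the Packet model is a deliberate
# simplification (protocol and destination port only).
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp", "icmp", ...
    dst_port: Optional[int] = None  # None for protocols without ports


@dataclass(frozen=True)
class Entry:
    action: str                          # "permit" or "deny"
    proto: str                           # "tcp", "udp", or "ip" (matches any protocol)
    ports: FrozenSet[int] = frozenset()  # empty set = any destination port


# Text of the named ACL posted in the thread.
ACL_FROM_THREAD = """\
ip access-list extended yabba-dabba-doo
 permit tcp any any eq 80 81 8080 25 110 143
 permit udp any any eq 23
"""

# Constructed counter-example: an explicit "default deny" placed FIRST, which
# shadows every later permit, exactly the ordering mistake the reply warns about.
ACL_DENY_FIRST = """\
ip access-list extended wrong-order
 deny ip any any
 permit tcp any any eq 80 81 8080 25 110 143
 permit udp any any eq 23
"""


def parse_acl(text: str) -> List[Entry]:
    """Parse the subset of IOS syntax used in the thread:
    'permit|deny <proto> any any [eq <port> ...]', in named or numbered form."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "access-list":          # numbered form: 'access-list 100 permit ...'
            tokens = tokens[2:]
        if tokens[0] in ("ip", "remark", "!"):  # ACL header line or comment
            continue
        action, proto, src, dst, *rest = tokens
        if action not in ("permit", "deny") or (src, dst) != ("any", "any"):
            raise ValueError(f"unsupported entry: {raw!r}")
        ports: FrozenSet[int] = frozenset()
        if rest:
            if rest[0] != "eq":
                raise ValueError(f"only 'eq' port matching is supported: {raw!r}")
            ports = frozenset(int(p) for p in rest[1:])
        entries.append(Entry(action, proto, ports))
    return entries


def evaluate(entries: List[Entry], pkt: Packet) -> str:
    """Return 'permit' or 'deny' for pkt. Entries are checked in order and the
    first match decides; anything that matches no entry hits the implicit
    'deny ip any any' that IOS appends to every ACL."""
    for e in entries:
        proto_match = e.proto == "ip" or e.proto == pkt.proto
        port_match = not e.ports or pkt.dst_port in e.ports
        if proto_match and port_match:
            return e.action
    return "deny"  # implicit deny


def decisions(acl_text: str, packets: List[Packet]) -> List[str]:
    """Evaluate a list of packets against an ACL given as text."""
    entries = parse_acl(acl_text)
    return [evaluate(entries, p) for p in packets]


if __name__ == "__main__":
    samples = [Packet("tcp", 80), Packet("tcp", 443), Packet("udp", 23),
               Packet("udp", 53), Packet("icmp")]
    for name, text in (("thread ACL", ACL_FROM_THREAD), ("deny first", ACL_DENY_FIRST)):
        # thread ACL -> ['permit', 'deny', 'permit', 'deny', 'deny']
        # deny first -> ['deny', 'deny', 'deny', 'deny', 'deny']
        print(name, decisions(text, samples))
```

The same walk applies whether the ACL is referenced by name or by a number above 100 on the interface; only the parser's handling of the `access-list 100 ...` prefix differs.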

Leo Laohoo
Hall of Fame

Hi John,

Sorry for the delayed response. At the end of the ACL, there's an "implicit deny (all)".

Which means: allow all the traffic on the ports mentioned. If any traffic arrives that is NOT in the specified list, drop 'em.

:)
