Protect Single port on switch

Unanswered Question
Dec 11th, 2009

What I have is a single host connected to a port on a 3560 switch. I want to allow this host to go wherever it needs to go, but I do not want other hosts to initiate connections to the host.

Is this possible? If so, how do I configure it, as I see that you can only configure inbound ACLs on a switchport and no reflexive ACLs at all.

Jon Marshall Fri, 12/11/2009 - 13:30

smolz wrote:

What I have is a single host connected to a port on a 3560 switch. I want to allow this host to go wherever it needs to go, but I do not want other hosts to initiate connections to the host.

Is this possible? If so, how do I configure it, as I see that you can only configure inbound ACLs on a switchport and no reflexive ACLs at all.


To be honest, rather than try and get the switch to do it, which I'm not sure you can even with a VLAN access map because of the return traffic, it would be a whole lot easier to just install a host firewall, which will allow you to block all incoming new connections. In fact, if memory serves me right, that is the default setting for the XP firewall.


Jon

amrelec Sat, 12/12/2009 - 10:30

You can use an extended ACL; configure your ACL statement as follows:

Put your host as the destination address and put any incoming connection as the source.



Hope that helps.

regards,

Amro
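The two replies above pull in different directions: an extended ACL with the host as the destination is easy to write, but a stateless ACL also sees the replies to connections the host itself opened. The following is an added illustration, not code or configuration from the original thread or from Cisco; it is a small Python simulator of first-match extended-ACL evaluation that parses a constructed IOS-style ACL (addresses 10.1.1.5, 10.1.2.7 and 10.1.3.53 are made up) and shows why the `established` keyword rescues TCP return traffic but nothing else. It assumes the ACL is applied somewhere that actually sees traffic heading toward the host (a port ACL on the host's own switchport only filters traffic entering the switch from the host, so a VLAN access map or an ACL on the uplink side would be the candidates, as Jon notes); whether a given platform applies `established` in hardware is not something this simulation can tell you and should be checked against the device's documentation.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample ACL in IOS-like extended-ACL syntax (hypothetical addresses).
# Goal: let 10.1.1.5 reach anything, but stop other hosts opening sessions to it.
ACL_TEXT = """
permit tcp any host 10.1.1.5 established
deny ip any host 10.1.1.5
permit ip any any
"""


@dataclass
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    ack: bool = False     # TCP ACK flag; 'established' matches ACK or RST set
    rst: bool = False


@dataclass
class Rule:
    action: str
    proto: str            # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    established: bool


def _parse_addr(tokens):
    """Parse 'any' or 'host A.B.C.D'; returns (network, tokens consumed)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), 1
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), 2
    raise ValueError("only 'any' and 'host X' are supported in this illustration")


def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens[0], tokens[1]
        src, n = _parse_addr(tokens[2:])
        dst, m = _parse_addr(tokens[2 + n:])
        established = "established" in tokens[2 + n + m:]
        rules.append(Rule(action, proto, src, dst, established))
    return rules


def evaluate(rules, pkt):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for r in rules:
        if r.proto not in ("ip", pkt.proto):
            continue
        if ipaddress.ip_address(pkt.src) not in r.src:
            continue
        if ipaddress.ip_address(pkt.dst) not in r.dst:
            continue
        if r.established and not (pkt.ack or pkt.rst):
            continue                       # a bare SYN is a new session
        return r.action
    return "deny"


def classify_samples():
    """Run constructed packets through the ACL; returns {description: action}."""
    rules = parse_acl(ACL_TEXT)
    samples = {
        "new TCP session toward host":      Packet("tcp", "10.1.2.7", "10.1.1.5"),
        "TCP reply to host-opened session": Packet("tcp", "10.1.2.7", "10.1.1.5", ack=True),
        "host opens TCP session outward":   Packet("tcp", "10.1.1.5", "10.1.2.7"),
        "UDP DNS reply to host":            Packet("udp", "10.1.3.53", "10.1.1.5"),
        "ICMP echo reply to host":          Packet("icmp", "10.1.2.7", "10.1.1.5"),
    }
    return {name: evaluate(rules, pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, action in classify_samples().items():
        print(f"{action:6}  {name}")
```

The third and fourth results are the point: a stateless ACL cannot tell a DNS reply or a ping reply from a fresh inbound flow, because the `established` trick relies on TCP flag bits that UDP and ICMP do not carry. That is exactly the "return traffic" problem Jon raises, and why a host firewall that tracks connection state is the cleaner fit for what the question asks.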
