Protect Single port on switch

Dec 11th, 2009

What I have is a single host connected to a port on a 3560 switch. I want to allow this host to go wherever it needs to go, but I do not want other hosts to initiate connections to the host.

Is this possible? If so, how do I configure it, as I see that you can only configure inbound ACLs on a switchport and no reflexive ACLs at all.

Jon Marshall Fri, 12/11/2009 - 13:30

smolz wrote:

What I have is a single host connected to a port on a 3560 switch. I want to allow this host to go wherever it needs to go, but I do not want other hosts to initiate connections to the host.

Is this possible? If so, how do I configure it, as I see that you can only configure inbound ACLs on a switchport and no reflexive ACLs at all.

To be honest, rather than try and get the switch to do it, which I'm not sure you can even with a VLAN access map because of the return traffic, it would be a whole lot easier to just install a host firewall, which will allow you to block all incoming new connections. In fact, if memory serves me right, that is the default setting for the XP firewall.

Jon

amrelec Sat, 12/12/2009 - 10:30

You can use an extended ACL, configured as follows:

Put your host as the destination address and put any incoming connection as the source.

Hope that helps.

regards,

Amro
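As an added example (not part of either reply, and not a configuration taken from Cisco's documentation), here is one way to apply the extended-ACL idea above on the switch while addressing the return-traffic problem Jon raises. It uses a VLAN access map, because a port ACL on a 3560 is inbound-only and so can only see traffic *from* the protected host, not traffic *to* it. The host address 192.0.2.10, VLAN 10, and the ACL and map names are all constructed for this example. For TCP, the `established` keyword permits replies (segments carrying ACK or RST) to connections the host opened while dropping new inbound SYNs; UDP and ICMP have no such flag, so each return flow the host needs (DNS replies are shown as one assumed case) has to be permitted explicitly.

```cisco
! Added example, not from the thread. Assumes the protected host is
! 192.0.2.10 (constructed address) in VLAN 10.
!
! Step 1: classify traffic addressed to the host.
!   HOST-RETURN-TRAFFIC: replies the host is expecting. "established"
!   matches TCP segments with ACK or RST set, i.e. not a new connection.
!   The UDP line is an assumed exception for DNS answers; add or remove
!   such lines according to what the host actually needs back.
ip access-list extended HOST-RETURN-TRAFFIC
 permit tcp any host 192.0.2.10 established
 permit udp any eq 53 host 192.0.2.10
!
!   HOST-NEW-INBOUND: everything else sent to the host, including new
!   TCP connection attempts (SYN without ACK).
ip access-list extended HOST-NEW-INBOUND
 permit ip any host 192.0.2.10
!
! Step 2: VLAN access map. Sequences are evaluated in order, first match
! wins, and packets matching no sequence are dropped by default, so the
! last sequence (no match clause = matches everything) forwards all
! other VLAN traffic, including everything the host itself sends.
vlan access-map PROTECT-HOST 10
 match ip address HOST-RETURN-TRAFFIC
 action forward
vlan access-map PROTECT-HOST 20
 match ip address HOST-NEW-INBOUND
 action drop
vlan access-map PROTECT-HOST 30
 action forward
!
! Step 3: apply the map to the VLAN. A VLAN map is checked for traffic
! bridged within the VLAN and for traffic routed into or out of it, so
! it also covers hosts on other VLANs reaching this one through an SVI.
vlan filter PROTECT-HOST vlan-list 10
!
! Verification (run from privileged EXEC):
!   show vlan access-map PROTECT-HOST
!   show vlan filter
!   show access-lists HOST-RETURN-TRAFFIC
```

Two things to check before relying on this: confirm in the configuration guide for your IOS release that the `established` keyword is supported inside a VLAN map on the 3560 (it is matched in hardware as a TCP-flag check), and remember that this is not stateful. A forged packet with the ACK bit set will pass sequence 10, so a host firewall as Jon suggests remains the stronger control; the switch map is a reasonable second layer that stops ordinary new-connection attempts from other hosts.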
