deny ip per interface when ip assigned at customers pc only - Cisco Community

321

Views

0

Helpful

1

Replies

Dear Experts,

Can it is possible when ip address directely assigned at customers pc only. not in cisco 3550 on interface and also vlan interface ??

I need deny ip per interface through access-list.

can it is possible deny ip when ip address asigned at customers pc only not assigned on interace and also on vlan interface
in cisco 3550 ??

pl see bellow my network diagram

we are using cisco 3550 switch to authenticat our users to our both the server which is connectd interface port 1 and 2

Interface port 1 connectd with billing Authenticaion Server 1 ( ip 172.16.0.1 directly assing on server not in inteface)

Inerface port 2 conneted with Billing Authentication server 2 ( 172.16.0.2 directly assinged on server not in intefface)

Interface port 3 to 48 connetd each port with single 48 port DSLAM to connetd customers ADSL modem and then PC.

All the interface from port 1 to 48 access on same VLAn (vlan 2)

All the customers need to authentic to both the servers only.

Interface port 3 customers ip range 172.16.48.1 to 254 and 172.16.49.1 to 254 needs to access ip 172.16.0.1 & 2 and other are deny)

interface port 4 customer ip range 172.16.52.1 to 254 and 172.16.50.1 to 254 needs to access ip 172.16.0.1 & 2 and other are deny.

pl suggest me my bellow config templates it's right or needs to any change.

access-list extended abc
permit ip 172.16.48.0 0.0.0.255 host 172.16.0.1
permit ip 172.16.48.0 0.0.0.255 host 172.16.0.2
permit ip 172.16.49.0 0.0.0.255 host 172.16.0.1
permit ip 172.16.49.0 0.0.0.255 host 172.16.0.2
deny ip any any

and then apply on interface port 3

access-group abc in

Please guide me it is possible when ip address asigned dierecty on customer pc ??

Thanks in ADV,

Vaib...

1 Reply 1

Dear Experts,

Can it is possible when ip address directely assigned at customers pc only. not in cisco 3550 on interface and also vlan interface ??

I need deny ip per interface through access-list.

can it is possible deny ip when ip address asigned at customers pc only not assigned on interace and also on vlan interface
in cisco 3550 ??

pl see bellow my network diagram

we are using cisco 3550 switch to authenticat our users to our both the server which is connectd interface port 1 and 2

Interface port 1 connectd with billing Authenticaion Server 1 ( ip 172.16.0.1 directly assing on server not in inteface)

Inerface port 2 conneted with Billing Authentication server 2 ( 172.16.0.2 directly assinged on server not in intefface)

Interface port 3 to 48 connetd each port with single 48 port DSLAM to connetd customers ADSL modem and then PC.

All the interface from port 1 to 48 access on same VLAn (vlan 2)

All the customers need to authentic to both the servers only.

Interface port 3 customers ip range 172.16.48.1 to 254 and 172.16.49.1 to 254 needs to access ip 172.16.0.1 & 2 and other are deny)

interface port 4 customer ip range 172.16.52.1 to 254 and 172.16.50.1 to 254 needs to access ip 172.16.0.1 & 2 and other are deny.

pl suggest me my bellow config templates it's right or needs to any change.

access-list extended abc
permit ip 172.16.48.0 0.0.0.255 host 172.16.0.1
permit ip 172.16.48.0 0.0.0.255 host 172.16.0.2
permit ip 172.16.49.0 0.0.0.255 host 172.16.0.1
permit ip 172.16.49.0 0.0.0.255 host 172.16.0.2
deny ip any any

and then apply on interface port 3

access-group abc in

Please guide me it is possible when ip address asigned dierecty on customer pc ??

Thanks in ADV,

Vaib...

Hi Vaibhav,

For your configuration is called as port based ACL which are used to filter incoming traffic on Layer 2 interfaces, using Layer 3 information, Layer
4 header information, or non-IP Layer 2 information.

It will work if you have any other query just check out the below link on Port based ACL and VACL.

http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vacl.pdf

Hope it help out your query !!

Regards

Ganesh.H

Review Cisco Networking products for a $25 gift card