01-23-2010 10:22 PM - edited 03-06-2019 09:25 AM
Dear Experts,
Is it possible when the IP address is assigned directly on the customer's PC only, and not on the Cisco 3550 interface or the VLAN interface?
I need to deny IP per interface through an access list.
Is it possible to deny IP when the IP address is assigned on the customer's PC only, and not on the interface or the VLAN interface of the Cisco 3550?
Please see my network diagram below.
We are using a Cisco 3550 switch to authenticate our users to both of our servers, which are connected to interface ports 1 and 2.
Interface port 1 is connected to Billing Authentication Server 1 (IP 172.16.0.1, assigned directly on the server, not on the interface).
Interface port 2 is connected to Billing Authentication Server 2 (IP 172.16.0.2, assigned directly on the server, not on the interface).
Interface ports 3 to 48 are each connected to a single 48-port DSLAM, which connects to the customer's ADSL modem and then the PC.
All the interfaces from port 1 to 48 are access ports on the same VLAN (VLAN 2).
All the customers need to authenticate to both servers only.
Interface port 3: customer IP ranges 172.16.48.1 to 254 and 172.16.49.1 to 254 need to access IPs 172.16.0.1 & 2, and everything else is denied.
Interface port 4: customer IP ranges 172.16.52.1 to 254 and 172.16.50.1 to 254 need to access IPs 172.16.0.1 & 2, and everything else is denied.
Please tell me whether my config template below is right or needs any change.
ip access-list extended abc
 permit ip 172.16.48.0 0.0.0.255 host 172.16.0.1
 permit ip 172.16.48.0 0.0.0.255 host 172.16.0.2
 permit ip 172.16.49.0 0.0.0.255 host 172.16.0.1
 permit ip 172.16.49.0 0.0.0.255 host 172.16.0.2
 deny ip any any
and then apply it on interface port 3:
 ip access-group abc in
Please guide me: is it possible when the IP address is assigned directly on the customer's PC?
Thanks in advance,
Vaib...
01-24-2010 01:36 AM
Hi Vaibhav,
Your configuration is called a port-based ACL, which is used to filter incoming traffic on Layer 2 interfaces, using Layer 3 information, Layer 4 header information, or non-IP Layer 2 information.
It will work. If you have any other query, just check out the below link on port-based ACL and VACL.
Hope it helps with your query!
Regards
Ganesh.H