Enable disable TCP ports using ACLs

Unanswered Question
Mar 21st, 2010

Hi,

I need to block some TCP ports for certain switch ports (block one network's access via those ports). But whenever I need to, I should be able to disable the rule to enable access, and then enable the rule again (to block the ports again).

At the moment I have a Linksys SRW224G4, and looking at the IP-based ACL it looks like I could block the ports.

But so far I could not find a way to disable the rule temporarily other than deleting the rule.

What I'm trying to do is block access to a few ports, let's say ports 80, 8080, and 25. But whenever access is needed I need to enable/disable the rule. Enabling/disabling the rule has to be done using a script or a RADIUS server (I prefer to use a script), since this task (enable/disable) is to be done by non-technical users.

Am I missing something on the SRW224G4 switch, or is there a new switch I could use for this purpose?

Another issue I can see is that whenever I log in to the Linksys switch via the command line, it goes to a menu.

Is there any way I could issue commands like on Cisco?

Or could I use a small Cisco managed switch to do this? I'm not very familiar with Cisco switches other than configuring a few routers and PIX.

I don't intend to use a firewall here, since at the moment there is no way I could change the gateway or the IP addresses in the network.



Thank you,

alissitz Thu, 03/25/2010 - 06:42

I do not have one of these switches in front of me; however, it sounds like you cannot edit an active rule.

This is fairly common in my experience, since the order of the ACL is most important. It is not always a bad idea to create a second ACL, then delete the first one and re-apply the second one.

Make sense?

With Cisco you have a lot more flexibility, features, and functionality; you can get yourself out of, and into, any trouble! Also, configuration is done via a very smooth GUI tool called Cisco Network Assistant (CNA). Of course scripting and CLI work well too.

With ACLs, the order will always be important, and do not forget the 'unwritten deny-all' statement at the end of the ACL.

The menu will always come up when accessing the console port or telnet. No way around this ...

CLI is not supported on these switches, and I would not want to see you install an unsupported installation.


HTH,


Andrew Lissitz

pereraMalik Mon, 03/29/2010 - 19:26

Thank you, Andrew, for your answer.

I think I need to explain a little bit more about my situation.

Part of my internal network needs more control. Certain ports are blocked (let's say the SSH port) and only allowed with permission. But there is no restriction on other ports.

If a user wants access, they have to talk to somebody to enable the port.

The person who enables/disables will be a non-technical person, so that person is only capable of clicking an icon, running a command, or going to a web page and clicking a link.

To do the above, web access to the switch is useless, and I could not let a non-technical person do so.

So I wanted to write a script (shell script or PHP on a Linux machine) and let the user access the script. SSH session initiation is to be done by SSH public-key-based authentication.

My main issue with the Linksys SRW224G4 is that when I SSH (or telnet) in, it goes to a menu and there is no way to manipulate settings by script.

What I wanted to know is whether there is any other switch on which I could do so.

What I know is that Cisco switches allow access to the command line.

What I do not know is whether a Cisco switch could be configured for SSH session initiation by SSH public-key-based authentication.

If a Cisco switch can be configured for SSH public-key-based authentication, what is the smallest model I could buy?

Is there any Linksys switch on which I could do this?


Thank you again,
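As an added example (not code from either poster), here is the shape such a script could take against a Cisco IOS switch, following Andrew's advice to bind or unbind a whole ACL rather than edit it in place. It assumes the switch hostname, the interface name GigabitEthernet0/1, and that key-based SSH for the scripting user is already set up; all three are placeholders.

```sh
#!/bin/sh
# Toggle the port-blocking ACL on the switch port facing the restricted segment.
# Assumptions (added example, not from the thread): a Cisco IOS switch reachable
# at $SWITCH, key-based SSH for the scripting user already configured, and
# GigabitEthernet0/1 as the interface to filter. All values are placeholders.
SWITCH="${SWITCH:-switch.example.internal}"
IFACE="${IFACE:-GigabitEthernet0/1}"
ACL="BLOCK-PORTS"
PORTS="80 8080 25"   # the ports named in the original question

# IOS config that (re)creates the ACL and binds it inbound on the port.
# The explicit 'permit ip any any' overrides the implicit deny-all at the end.
enable_block() {
  printf 'configure terminal\n'
  printf 'ip access-list extended %s\n' "$ACL"
  for p in $PORTS; do
    printf ' deny tcp any any eq %s\n' "$p"
  done
  printf ' permit ip any any\n'
  printf 'interface %s\n' "$IFACE"
  printf ' ip access-group %s in\n' "$ACL"
  printf 'end\n'
}

# Unbind the ACL from the port; the ACL definition itself stays for re-use.
disable_block() {
  printf 'configure terminal\n'
  printf 'interface %s\n' "$IFACE"
  printf ' no ip access-group %s in\n' "$ACL"
  printf 'end\n'
}

# The non-technical operator runs:  ./toggle.sh on   or   ./toggle.sh off
# BatchMode=yes forces key-only auth so the script never hangs on a password prompt.
apply() {
  case "$1" in
    on)  cmds=$(enable_block) ;;
    off) cmds=$(disable_block) ;;
    *)   echo "usage: $0 on|off" >&2; return 2 ;;
  esac
  printf '%s\n' "$cmds" | ssh -o BatchMode=yes "$SWITCH"
}

if [ $# -gt 0 ]; then
  apply "$1"
fi
```

Because the operator only ever passes "on" or "off", the SSH key used by the script can be restricted to this one command on the Linux side as well.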
