New Member

Block a destination via switch

Hi

I have a 2950 Enhanced Image Catalyst switch.

My goal is to make only one destination (a specific host) available to my source address clients.

How can I use an access list for this?

7 REPLIES
Cisco Employee

Re: Block a destination via switch

Hi Friend,

You can configure an extended access list and apply it to the physical interfaces.

Check this link for more details

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swacl.htm#wp1092483

HTH

Ankur

New Member

Re: Block a destination via switch

I have this config on my switch, but it seems it doesn't work:

access-list 101 permit any 172.16.100.70 0.0.0.255

---

I also have the access-group command on the interface.

"172.16.100.70 is my target for clients"

Cisco Employee

Re: Block a destination via switch

Hi Friend,

What are the results... are the clients able to reach everybody, I mean something other than the 172.16 network?

Regards,

Ankur

Re: Block a destination via switch

Hi,

ACLs applied to a physical interface have a limitation of one mask:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swacl.htm#wp1082773

HTH

Narayan

Re: Block a destination via switch

Try using the statement below in the access list and apply it on the interface.

access-list 101 permit ip any host 172.16.100.70 log

Try to access this host from a few PCs and check whether your ACL is getting hit.

New Member

Re: Block a destination via switch

Do not use logging (the log keyword) in switch access lists: all packets matching access-list rows with the log keyword must be sent to the CPU instead of being processed in hardware. This will significantly degrade the switch's performance.

//Mikhail Galiulin

New Member

Re: Block a destination via switch

Your ACL does not make sense.

access-list 101 permit any 172.16.100.70 0.0.0.255

You are defining a host address, but with a /24 mask...

It should be access-list 101 permit ip any host 172.16.100.70

Jens
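
Added example (not part of the thread and not Cisco code): a small Python model of how an ACL destination with a wildcard mask is matched, showing why `172.16.100.70 0.0.0.255` permits the whole 172.16.100.x range while `host 172.16.100.70` permits one address. It models only destination matching with first-match-wins and the implicit deny at the end of the list; the function names and test addresses are constructed for illustration.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_dest(spec):
    """Return (base, wildcard) as integers for an ACL destination spec."""
    tokens = spec.split()
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF
    if tokens[0] == "host":
        return _ip(tokens[1]), 0
    return _ip(tokens[0]), _ip(tokens[1])

def dest_matches(spec, addr):
    """A wildcard bit of 1 means 'ignore this bit'; 0 means 'must match'."""
    base, wild = parse_dest(spec)
    care = ~wild & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)

def covered(spec):
    """Number of destination addresses the spec matches."""
    _, wild = parse_dest(spec)
    return 2 ** bin(wild).count("1")

def evaluate(acl, addr):
    """First matching entry wins; no match falls through to implicit deny."""
    for action, spec in acl:
        if dest_matches(spec, addr):
            return action
    return "deny"

# Destination part of the entry from the question, and of the corrected entry.
ORIGINAL = [("permit", "172.16.100.70 0.0.0.255")]
FIXED = [("permit", "host 172.16.100.70")]

# Constructed test destinations.
SAMPLES = ["172.16.100.70", "172.16.100.5", "172.16.101.70", "10.0.0.1"]

def compare():
    return {a: (evaluate(ORIGINAL, a), evaluate(FIXED, a)) for a in SAMPLES}

if __name__ == "__main__":
    print("original entry covers", covered(ORIGINAL[0][1]), "addresses")
    print("fixed entry covers   ", covered(FIXED[0][1]), "address")
    for addr, (before, after) in compare().items():
        print(f"{addr:15} original={before:6} fixed={after}")
```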
