
New Member

Block Smtp

Hey all,

I need help writing an ACL to block SMTP for hosts from 10.1.1.20 - 10.1.1.252.

Thanks

6 REPLIES

Block Smtp

Hi Scott,

Where do you want to block SMTP?
Do you want to block it from outside,
or inside the LAN?

Do you have a separate VLAN for the range 10.1.1.20 - 10.1.1.252?


Please let us know the details so that we can guide you with configuration part.


Please rate all the helpful posts.
Regards,
Naidu.

New Member

Block Smtp

I would like to block outbound interfaces. Nope, they are on the same VLAN.

To give you some background, I have a client who is using an old Netgear router and wants to change over to an 1801 ADSL router. They have a rule to block SMTP on the outbound services from 10.1.1.20 - 10.1.1.252.

Block Smtp

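So you want clients from 10.1.1.20 - 10.1.1.252 not to access the SMTP server, right?
If the above is correct, then you can define the ACL like below and apply it to the specific VLAN interface.
Below are examples only.

ip access-list extended smtp-block
 deny tcp 10.1.1.0 0.0.0.255 host smtp-server-ip eq smtp
 ! without a permit, the implicit deny at the end of the ACL drops all other traffic
 permit ip any any

interface vlan10
 ! /24 mask assumed from the 10.1.1.0 0.0.0.255 wildcard above
 ip address 10.1.1.1 255.255.255.0
 ip access-group smtp-block in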


Please rate all the helpful posts.
Regards,
Naidu.

New Member

Block Smtp

Thanks for that, but I need to allow clients from 10.1.1.1 - 10.1.1.19 to access SMTP.

Block Smtp

Then you need some more rules:

ip access-list extended smtp-block
 permit tcp 10.1.1.0 0.0.0.15 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.16 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.17 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.18 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.19 host smtp-server-ip eq smtp
 deny tcp 10.1.1.0 0.0.0.255 host smtp-server-ip eq smtp
 permit ip any any

Block Smtp

The above suggestion is OK, but you need to allow 10.1.1.15 also, because 10.1.1.15 will not be covered under the /28 subnet, so below is the one you can follow.

ip access-list extended smtp-block
 permit tcp 10.1.1.0 0.0.0.15 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.15 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.16 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.17 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.18 host smtp-server-ip eq smtp
 permit tcp host 10.1.1.19 host smtp-server-ip eq smtp
 deny tcp 10.1.1.0 0.0.0.255 host smtp-server-ip eq smtp
 permit ip any any


Please rate all the helpful posts.
Regards,
Naidu.
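
An added example, not part of any post in this thread: a small Python evaluator that runs the ACL from the last reply against every source address in 10.1.1.0/24 and reports which hosts can reach the SMTP server on tcp/25. The address 192.0.2.25 is a constructed stand-in for smtp-server-ip, and the function names are this example's own.

```python
from ipaddress import IPv4Address as IP

# ACL from the last reply. 192.0.2.25 is a constructed stand-in for smtp-server-ip.
ACL = """\
permit tcp 10.1.1.0 0.0.0.15 host 192.0.2.25 eq smtp
permit tcp host 10.1.1.15 host 192.0.2.25 eq smtp
permit tcp host 10.1.1.16 host 192.0.2.25 eq smtp
permit tcp host 10.1.1.17 host 192.0.2.25 eq smtp
permit tcp host 10.1.1.18 host 192.0.2.25 eq smtp
permit tcp host 10.1.1.19 host 192.0.2.25 eq smtp
deny tcp 10.1.1.0 0.0.0.255 host 192.0.2.25 eq smtp
permit ip any any
"""
PORTS = {"smtp": 25}

def addr(tok):
    """Consume one address spec from tok; return (base, wildcard) integers."""
    word = tok.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(IP(tok.pop(0))), 0
    return int(IP(word)), int(IP(tok.pop(0)))

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = addr(tok), addr(tok)
        rules.append((action, proto, src, dst, PORTS[tok[1]] if tok else None))
    return rules

def match(ip, base, wild):
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    return ((int(IP(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, src, dst, proto="tcp", dport=25):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for n, (action, rproto, rsrc, rdst, port) in enumerate(rules, 1):
        if (rproto in ("ip", proto) and match(src, *rsrc) and match(dst, *rdst)
                and port in (None, dport)):
            return action, n
    return "deny", None

def smtp_allowed(server="192.0.2.25"):
    """Last octets in 10.1.1.0/24 permitted to reach server on tcp/25."""
    rules = parse(ACL)
    return [h for h in range(256)
            if evaluate(rules, f"10.1.1.{h}", server)[0] == "permit"]
```

`smtp_allowed()` returns host octets 0 through 19, and `evaluate()` also returns the number of the entry that matched, so each address can be traced to its rule. Port 25 traffic to any destination other than the named server matches only the final `permit ip any any`.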
