03-19-2009 09:41 AM - edited 03-06-2019 04:42 AM
Hi.
How can I block the communication between two servers on port 8010 on a 4506 switch? Can I do it with access lists?
Thanks in advance,
R@M
03-19-2009 09:51 AM
Yes you can.
If the servers are on different VLANs then you can just use standard ACLs on the L3 VLAN interfaces.
If the servers are on the same VLAN then you can use VLAN maps to restrict access.
See this link for 4500 ACL configuration details -
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/44sg/configuration/guide/secure.html
Jon
03-19-2009 11:34 AM
Thank you very much Jon.
Then for my case the setup would be:
Switch(config)# ip access-list extended 8010
Switch(config-ext-nacl)# permit udp host x.x.x.x host x.x.x.x eq 8010
Switch(config-ext-nacl)# exit
Next, create a VLAN access map named map2 so that traffic that matches the http access list is dropped and all other IP traffic is forwarded, as follows:
Switch(config)# vlan access-map map2 10
Switch(config-access-map)# match ip address 8010
Switch(config-access-map)# action drop
Switch(config-access-map)# exit
Switch(config)# ip access-list extended match_all
Switch(config-ext-nacl)# permit ip any any
Switch(config-ext-nacl)# exit
Switch(config)# vlan access-map map2 20
Switch(config-access-map)# match ip address match_all
Switch(config-access-map)# action forward
Then, apply the VLAN access map named map2 to VLAN 1, as follows:
Switch(config)# vlan filter map2 vlan 1
Would this block traffic to this port in both directions?
Thanks again,
R@M
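
As an added example (not part of the thread or of Cisco's documentation), this Python sketch models first-match evaluation of the VLAN map posted above over constructed flows, showing which packets between the two servers the single `permit udp host ... host ... eq 8010` entry selects for dropping. The addresses 192.0.2.10 and 192.0.2.20 are constructed stand-ins for the x.x.x.x hosts, and the model covers only protocol, host and destination-port matching.

```python
from dataclasses import dataclass
from typing import Optional

SERVER_A = "192.0.2.10"  # constructed stand-in for the first x.x.x.x
SERVER_B = "192.0.2.20"  # constructed stand-in for the second x.x.x.x

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Ace:
    """One 'permit' ACL entry; None means 'any'."""
    proto: str                   # "ip" matches every protocol
    src: Optional[str]
    dst: Optional[str]
    dport: Optional[int] = None  # 'eq N' written after the destination

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.src in (None, p.src)
                and self.dst in (None, p.dst)
                and self.dport in (None, p.dport))

# Sequences 10 and 20 of map2 as posted: (permit entries of the ACL, action)
MAP2 = [
    ([Ace("udp", SERVER_A, SERVER_B, 8010)], "drop"),
    ([Ace("ip", None, None)], "forward"),
]

def vlan_map_action(vmap, pkt: Packet) -> str:
    """Return the action of the first sequence whose ACL permits the packet."""
    for aces, action in vmap:
        if any(a.matches(pkt) for a in aces):
            return action
    return "drop"  # unreachable here for IP: match_all permits everything

def posted_map_results() -> dict:
    flows = {
        "udp A->B dport 8010": Packet("udp", SERVER_A, SERVER_B, 40000, 8010),
        "udp B->A sport 8010": Packet("udp", SERVER_B, SERVER_A, 8010, 40000),
        "udp B->A dport 8010": Packet("udp", SERVER_B, SERVER_A, 40000, 8010),
        "tcp A->B dport 8010": Packet("tcp", SERVER_A, SERVER_B, 40000, 8010),
    }
    return {name: vlan_map_action(MAP2, p) for name, p in flows.items()}
```

In this model only UDP from the first host to the second with destination port 8010 is dropped; the reverse direction and TCP on the same port fall through to sequence 20 and are forwarded.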