Cisco Support Community
New Member

Blocking access to a specific host

Hi,

I have a point-to-point link between our branch office and headquarters...

We want to block access to specific hosts at headquarters from the branch office.

But we have multiple VLANs at the branch office.

How could we block access to this host? The host is a server [two servers].

11 REPLIES
New Member

Re: Blocking access to a specific host

You can put an ACL in place on your edge interface denying traffic to those hosts. For example, if you have a PIX/ASA, you could do:

access-list outside_in extended deny ip any host

access-list outside_in extended deny ip any host

access-group outside_in in interface outside

HTH,

Paul

New Member

Re: Blocking access to a specific host

It's a 3550 switch.

To start with, I need 3 VLANs to block these hosts.

What command is required on the VLAN to block these hosts?

New Member

Re: Blocking access to a specific host

Ronald-

Are you using the 3550 in Layer3 mode? What is the topology on each end?

Paul

New Member

Re: Blocking access to a specific host

The 3550 is in Layer 3 mode.

Any advice?

New Member

Re: Blocking access to a specific host

Ronald-

You can apply an access-list to the uplink port of the 3550. I assume that you have the uplink at L3 and the rest as switchports since you mentioned 3 VLANs. Can you post your config?

Paul

Re: Blocking access to a specific host

Hi,

You can do that by configuring the following on the switchport:

"Switchport mode protected"; this will eliminate access to the host residing on the port.

HTH

Mohamed

New Member

Re: Blocking access to a specific host

Users are located in different locations in the building, so I feel restricting on trunks is not easy....

Mohamed, please elaborate more on switchport mode protected... how to configure this for my scenario?

Kindly advise on the config.

The VLAN I wanna restrict is

VLAN 100

int vlan 100

description BLOCK C VLAN

ip address 172.16.1.0 255.255.255.0

ip access-group Restrict-ATARI

ip access-list extended Restrict-ATARI

deny ip 172.16.1.0 0.0.0.255 host 192.168.1.222

permit ip any any

Re: Blocking access to a specific host

So, you want to deny access at Layer 3 using an access list, right?

Could you please tell me in which VLAN the host resides? What does 192.168.x.x represent? Do you want to deny access from the 172.x subnet toward the host? Please clarify more.

Thanks,

Mohamed

New Member

Re: Blocking access to a specific host

User VLan is VLAN 100

Server1 : 192.168.1.222

Server2 : 192.168.1.111

I want to restrict user VLAN 100 from accessing Server1 and Server2 only, and permit the others.

(The description in VLAN 100, "BLOCK C VLAN", means Building-C.)

Hall of Fame Super Gold

Re: Blocking access to a specific host

Access list should be applied nearest the server(s):

access-list 101 deny ip 172.16.1.0 0.0.0.255 host 192.168.1.111

access-list 101 deny ip 172.16.1.0 0.0.0.255 host 192.168.1.222

access-list 101 permit ip any any

int vlan 100

ip access-group 101 in

New Member

Re: Blocking access to a specific host

Thanks for your reply.

I would like to understand the technical difference or benefit of applying the ACL near the server versus applying the ACL on the user VLAN.

Appreciate your help.
