Cisco Support Community
Community Member

Blocking services....

Hello,

Is there a way to block ftp, ssh, telnet services for a user-switch?

All users connected to user-switch should be denied access to the above services...

Can someone assist with configuration..

4 REPLIES
Hall of Fame Super Silver

Re: Blocking services....

Hello Amin,

if the switch provides L3 services and there are defined L3 interfaces like SVIs you can apply an extended ACL.

example

access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq ftp

access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq telnet

access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq ssh

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

int Vlan 10

ip address 10.10.10.1 255.255.255.0

ip access-group 101 in

Hope to help

Giuseppe
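
Added example (not part of the reply above): a small Python model of how an extended ACL like the one posted is evaluated, top to bottom with first match winning, wildcard-mask matching on the source, and the implicit deny at the end. The parser only handles the line shape used in the reply, and the host addresses in the checks are constructed sample values.

```python
import ipaddress

# Port keywords used in the ACL above (IOS names mapped to TCP ports).
PORTS = {"ftp": 21, "ssh": 22, "telnet": 23}

# The ACL from the reply above, with the source network written out in full.
ACL_101 = """\
access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq ftp
access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq telnet
access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq ssh
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
"""

def parse_acl(text):
    """Parse 'access-list N action proto src wildcard any [eq port]' lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[0] != "access-list":
            continue
        action, proto, src, wild = tok[2], tok[3], tok[4], tok[5]
        port = None
        if "eq" in tok:
            name = tok[tok.index("eq") + 1]
            port = PORTS[name] if name in PORTS else int(name)
        entries.append((action, proto, int(ipaddress.IPv4Address(src)),
                        int(ipaddress.IPv4Address(wild)), port))
    return entries

def evaluate(entries, proto, src_ip, dst_port=None):
    """Return the action of the first matching entry, top to bottom."""
    src = int(ipaddress.IPv4Address(src_ip))
    for action, e_proto, e_src, e_wild, e_port in entries:
        if e_proto not in ("ip", proto):
            continue
        # Wildcard mask: bits set to 1 are ignored, bits set to 0 must match.
        if (src ^ e_src) & ~e_wild & 0xFFFFFFFF:
            continue
        if e_port is not None and e_port != dst_port:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL
```

Note that `eq ftp` matches only TCP port 21 (the FTP control channel), so a packet to port 20 from the same subnet falls through to the final permit line.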

Community Member

Re: Blocking services....

Thanks for the help.

All user switches are layer2, what do you advise...

Hall of Fame Super Silver

Re: Blocking services....

Hello Amin,

you can filter on the first L3 device for sure.

Depending on the type of switches they could support VACL and so there would be a chance to apply an ACL at the VLAN level.

But this requires powerful devices.

What type of switches have you got?

Hope to help

Giuseppe

Community Member

Re: Blocking services....

Thanks

We have 2960 Switches..

Have you found a similar scenario in any production
