Blocking services....

Amin Shaikh
Level 1

Hello,

Is there a way to block ftp, ssh, telnet services for a user-switch?

All users connected to user-switch should be denied access to the above services...

Can someone assist with configuration..

4 Replies

Giuseppe Larosa
Hall of Fame

Hello Amin,

If the switch provides L3 services and there are defined L3 interfaces like SVIs, you can apply an extended ACL.

Example:

! Block FTP, Telnet and SSH (TCP port 22) from the user subnet, permit the rest
access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq ftp
access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq telnet
access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq 22
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
!
! Apply the ACL inbound on the SVI of the user VLAN
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip access-group 101 in

Hope to help

Giuseppe
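
An added example, not part of the reply above: a small Python evaluator for the subset of extended-ACL syntax used in ACL 101, showing wildcard-mask matching, first-match ordering and the implicit deny. The ACL text is a constructed copy (source network written in full, SSH as port 22), and the function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed copy of ACL 101 from the reply above (SSH written as port 22).
ACL_101 = """\
access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq ftp
access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq telnet
access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq 22
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
"""

PORT_NAMES = {"ftp": 21, "telnet": 23}  # port keywords used in this ACL


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_ace(line):
    """Parse 'access-list N <action> <proto> <src> <wildcard> any [eq <port>]'."""
    tok = line.split()
    port = None
    if "eq" in tok:
        name = tok[tok.index("eq") + 1]
        port = PORT_NAMES[name] if name in PORT_NAMES else int(name)
    return tok[2], tok[3], to_int(tok[4]), to_int(tok[5]), port


def evaluate(acl_text, proto, src_ip, dst_port=None):
    """Return 'permit' or 'deny' for one packet; the first matching entry wins."""
    src = to_int(src_ip)
    for line in acl_text.splitlines():
        if not line.startswith("access-list"):
            continue
        action, ace_proto, base, wildcard, port = parse_ace(line)
        care = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
        if ace_proto not in ("ip", proto):
            continue  # 'ip' matches any protocol
        if (src & care) != (base & care):
            continue
        if port is not None and port != dst_port:
            continue
        return action
    return "deny"  # implicit deny that ends every ACL
```

The entries match on destination port only, so the same services listening on non-standard ports fall through to the final permit.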

Thanks for the help.

All user switches are layer2, what do you advise...

Hello Amin,

You can filter on the first L3 device for sure.

Depending on the type of switches they could support VACL and so there would be a chance to apply an ACL at the VLAN level.

But this requires powerful devices.

What type of switches have you got?

Hope to help

Giuseppe

Thanks

We have 2960 Switches..

Have you found a similar scenario in any production
