01-28-2009 11:42 AM - edited 03-06-2019 03:43 AM
Hello,
Is there a way to block ftp, ssh, telnet services for a user-switch?
All users connected to the user-switch should be denied access to the above services...
Can someone assist with the configuration?
01-28-2009 12:33 PM
Hello Amin,
If the switch provides L3 services and there are defined L3 interfaces like SVIs, you can apply an extended ACL.
Example:
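! Deny FTP control (TCP/21), Telnet (TCP/23) and SSH (TCP/22) from the user subnet
access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq ftp
access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq telnet
access-list 101 deny tcp 10.10.10.0 0.0.0.255 any eq 22
! Permit everything else from the subnet (an ACL ends with an implicit deny)
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
! Apply inbound on the SVI that is the users' default gateway
int Vlan 10
 ip address 10.10.10.1 255.255.255.0
 ip access-group 101 in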
Hope to help
Giuseppe
01-28-2009 12:36 PM
Thanks for the help.
All user switches are layer 2, what do you advise?
01-28-2009 12:41 PM
Hello Amin,
You can filter on the first L3 device for sure.
Depending on the type of switches, they could support VACLs, so there would be a chance to apply an ACL at the VLAN level.
But this requires powerful devices.
What type of switches have you got?
Hope to help
Giuseppe
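Added example (not part of the original thread): a VLAN-level filter of the kind the reply above mentions, assuming a switch whose software supports VLAN maps and reusing the thread's VLAN 10 and 10.10.10.0/24 subnet. The names BLOCK-MGMT and USER-VLAN-FILTER are hypothetical.

```cisco
! Added example; BLOCK-MGMT and USER-VLAN-FILTER are hypothetical names.
! In a VLAN map the ACL only selects traffic: "permit" here means "match",
! so the entries are permits even though the goal is to drop the traffic.
ip access-list extended BLOCK-MGMT
 permit tcp 10.10.10.0 0.0.0.255 any eq ftp
 permit tcp 10.10.10.0 0.0.0.255 any eq telnet
 permit tcp 10.10.10.0 0.0.0.255 any eq 22
!
! Sequence 10: drop whatever the ACL matched.
vlan access-map USER-VLAN-FILTER 10
 match ip address BLOCK-MGMT
 action drop
!
! Sequence 20: no match clause, so all remaining traffic is forwarded.
! Without it, unmatched IP traffic hits the map's implicit drop.
vlan access-map USER-VLAN-FILTER 20
 action forward
!
! Attach the map to the user VLAN.
vlan filter USER-VLAN-FILTER vlan-list 10
!
! Verify with:
!  show vlan access-map
!  show vlan filter
```

Unlike the routed ACL on the SVI, a VLAN map is applied to every packet in the VLAN, so it also blocks these services between hosts that share VLAN 10.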
01-28-2009 01:07 PM
Thanks
We have 2960 Switches..
Have you found a similar scenario in any production