I have a server which is serving secure web pages. However, from time to time the websites stop responding, but the server is still working fine. This server only serves webpages for office members (i.e. it's an intranet, so no outside access is allowed).
I need to monitor the port of the server via my switch in order to see how many people access the site.
Am I correct in saying that I can set up an ACL to log access for port 443 and then apply it to the port the server connects to?
The problem is that the traffic doesn't traverse a layer 3 device (in this case a router). So it means the server is connected straight to the switch (port G1/0/2) and this specific port is what I am trying to monitor for traffic on port 443.
It depends on the platform - each one has different limitations. For example, I have mainly 4500, and on this you can apply a layer-3/4 access list on a layer-2 switchport, with certain complicated restrictions, which I shall try and outline for you. In this context, they are known as "Port ACLs" or PACL. You can find the full text in
I don't think a MAC ACL will help in this case because, AFAIK, MAC ACLs apply only to non-IP traffic. (I do know, however, that there are people on this board who disagree with me on that interpretation of the docs. So you could try it if you want to experiment.)
"After you create a MAC ACL, you can apply it to a Layer 2 interface to filter non-IP traffic coming in that interface."
Sadly, it seems that the 3750 does not support those PACLs I was telling you about. The best it can offer for your purposes, I think, is a VLAN access-map, or VACL. This will filter at layer-3 on the layer-2 bridge, but over the entire VLAN rather than on a single port. But I guess you could get what you want by carefully designing the ACL. Here is the reference: