Cisco Support Community

New Member

Protect Single port on switch

What I have is a single host connected to a port on a 3560 switch. I want to allow this host to go wherever it needs to go, but I do not want other hosts to initiate connections to the host.

Is this possible? If so, how do I configure it, as I see that you can only configure inbound ACLs on a switchport and no reflexive ACLs at all.

2 REPLIES
Hall of Fame Super Blue

Re: Protect Single port on switch

smolz wrote:

What I have is a single host connected to a port on a 3560 switch. I want to allow this host to go wherever it needs to go, but I do not want other hosts to initiate connections to the host.

Is this possible? If so, how do I configure it, as I see that you can only configure inbound ACLs on a switchport and no reflexive ACLs at all.

To be honest, rather than try and get the switch to do it, which I'm not sure you can even with a VLAN access map because of the return traffic, it would be a whole lot easier to just install a host firewall, which will allow you to block all incoming new connections. In fact, if memory serves me right, that is the default setting for XP firewall.

Jon
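
Added example (not part of the original thread, and not Cisco IOS configuration): a simplified Python model of the return-traffic problem mentioned in the reply above. It compares a per-packet rule that drops everything destined to the host with a connection-tracking filter of the kind a host firewall provides. All addresses, ports and names are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport proto")
HOST = "192.0.2.10"  # constructed address for the protected host

def stateless_deny_to_host(pkt):
    """Per-packet rule with no memory: drop anything destined to the host."""
    return pkt.dst != HOST

class StatefulFilter:
    """Host-firewall model: inbound is allowed only for flows the host opened."""
    def __init__(self):
        self.flows = set()

    def permit(self, pkt):
        if pkt.src == HOST:
            # Remember the outbound flow so its replies can be matched later.
            self.flows.add((pkt.proto, pkt.sport, pkt.dst, pkt.dport))
            return True
        if pkt.dst == HOST:
            # A reply has the addresses and ports of a known flow, reversed.
            return (pkt.proto, pkt.dport, pkt.src, pkt.sport) in self.flows
        return True

# Constructed sample traffic, in arrival order.
TRAFFIC = [
    Packet(HOST, 50000, "198.51.100.5", 443, "tcp"),   # host opens a session
    Packet("198.51.100.5", 443, HOST, 50000, "tcp"),   # reply to that session
    Packet("203.0.113.9", 40000, HOST, 3389, "tcp"),   # unsolicited inbound
    Packet(HOST, 50001, "198.51.100.53", 53, "udp"),   # host sends a DNS query
    Packet("198.51.100.53", 53, HOST, 50001, "udp"),   # DNS answer
]

def verdicts():
    """Return permit (True) / drop (False) per packet for both filters."""
    fw = StatefulFilter()
    return {
        "stateless": [stateless_deny_to_host(p) for p in TRAFFIC],
        "stateful": [fw.permit(p) for p in TRAFFIC],
    }

if __name__ == "__main__":
    for name, result in verdicts().items():
        print(name, result)
```

The stateless rule drops the replies along with the unsolicited packet, so the host's own sessions fail; the stateful filter drops only the unsolicited packet.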

New Member

Re: Protect Single port on switch

You can use an extended ACL, configuring your ACL statement as follows:

Put your host as the destination address and put any incoming connection as the source.

Hope that helps.

Regards,

Amro
