Solved: Securing 3750

Danilo Dy · ‎03-30-2007

Hi,

If I configure HSRP in vlan interface, which is the best place to put the config below? Physical interface or vlan interface and why?

FYI, I put it in vlan interface because the routing information is there (i.e ip address and HSRP).

!

access-list 30 remark Multicast-filtering-ACL

access-list 30 deny 224.0.1.35 log

access-list 30 deny 224.0.1.60 log

access-list 30 deny 224.0.1.3 log

access-list 30 deny 224.0.1.2 log

access-list 30 deny 224.0.1.22 log

access-list 30 deny 224.0.1.24 log

access-list 30 deny 224.0.0.0 0.0.0.255 log

access-list 30 deny 239.0.0.0 0.255.255.255 log

access-list 30 permit 224.0.0.0 15.255.255.255 log

!

interface physical_or_vlan?

no ip redirects

no ip directed broadcast

no ip mask-reply

no ip unreachables

no ip proxy-arp

ip accounting access-violations

ip multicast boundary 30

no ip mroute-cache

ntp disable

no cdp enable

TIA

Jon Marshall · ‎03-30-2007

Hi Danilo

Not sure i fully understand. The layer 3 interface is the SVI so that is the logical place to put the layer 3 access-list that you have created.

When you say the physical interface which physical interface were you thinking of ?

If the physical interface was configured as a routed port then the access-list would go on there but this isn't what you have done.

Could you clarify ?

Jon

View solution in original post

Jon Marshall · ‎03-30-2007

Hi Danilo

Not sure i fully understand. The layer 3 interface is the SVI so that is the logical place to put the layer 3 access-list that you have created.

When you say the physical interface which physical interface were you thinking of ?

If the physical interface was configured as a routed port then the access-list would go on there but this isn't what you have done.

Could you clarify ?

Jon

Danilo Dy · ‎03-30-2007

Hi Jon,

Thanks for your reply.

I think you have answered my question. I just tried putting those config in the physical interface, it won't accept it if I don't put routing configuration on it.