Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Securing 3750

Hi,

If I configure HSRP in vlan interface, which is the best place to put the config below? Physical interface or vlan interface and why?

FYI, I put it in vlan interface because the routing information is there (i.e ip address and HSRP).

!

access-list 30 remark Multicast-filtering-ACL

access-list 30 deny 224.0.1.35 log

access-list 30 deny 224.0.1.60 log

access-list 30 deny 224.0.1.3 log

access-list 30 deny 224.0.1.2 log

access-list 30 deny 224.0.1.22 log

access-list 30 deny 224.0.1.24 log

access-list 30 deny 224.0.0.0 0.0.0.255 log

access-list 30 deny 239.0.0.0 0.255.255.255 log

access-list 30 permit 224.0.0.0 15.255.255.255 log

!

interface physical_or_vlan?

no ip redirects

no ip directed broadcast

no ip mask-reply

no ip unreachables

no ip proxy-arp

ip accounting access-violations

ip multicast boundary 30

no ip mroute-cache

ntp disable

no cdp enable

TIA

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Securing 3750

Hi Danilo

Not sure i fully understand. The layer 3 interface is the SVI so that is the logical place to put the layer 3 access-list that you have created.

When you say the physical interface which physical interface were you thinking of ?

If the physical interface was configured as a routed port then the access-list would go on there but this isn't what you have done.

Could you clarify ?

Jon

2 REPLIES
Hall of Fame Super Blue

Re: Securing 3750

Hi Danilo

Not sure i fully understand. The layer 3 interface is the SVI so that is the logical place to put the layer 3 access-list that you have created.

When you say the physical interface which physical interface were you thinking of ?

If the physical interface was configured as a routed port then the access-list would go on there but this isn't what you have done.

Could you clarify ?

Jon

Re: Securing 3750

Hi Jon,

Thanks for your reply.

I think you have answered my question. I just tried putting those config in the physical interface, it won't accept it if I don't put routing configuration on it.

116
Views
0
Helpful
2
Replies