Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

applying access-list to 2950 ethernet port

When applying the following accesslist to port 22 on my 2950 I get the following message:

access-list 101 permit tcp host 192.168.31.250 any eq www

access-list 101 permit tcp host 192.168.31.250 any eq 443

access-list 101 permit tcp host 192.168.31.250 any eq domain

access-list 101 permit tcp host 192.168.31.250 any established

access-list 101 deny ip any any

crete-sw01(config-if)#ip access-group 101 in

%Error: Access-list with 'TCP flags' keyword is not supported on Ethernet Interf

ace.

Please refer to the Software Configuration Guide for all the supported keywords

Is it possible to get around this?

1 REPLY
VIP Purple

Re: applying access-list to 2950 ethernet port

Hello Andy,

my mistake, it looks like the 2950 does not accept the ´established´ keyword...

I guess you need to apply the access list inbound to the Ethernet interface on your router.

Cisco 2950 Switches

Configuring Network Security with ACLs

Unsupported Features

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea5/2950scg/swacl.htm#wp1043901

Regards,

GP

454
Views
0
Helpful
1
Replies