cisco 851 LAN port restrictions

NetMaxKar
Level 1

How can I restrict an IP access on one of the LAN ports, let it be fa0 for example?

I tried access-group but even deny any any doesn't work. I think that ACLs don't work on LAN ports. Can you help me?


vladrac-ccna
Level 5

Hello there!

Never used an 851 router, but judging by the following link I don't see why you could not configure the ACL on these FE interfaces.

http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_chapter09186a008045d283.html#wp1119321

Could you please paste the configuration you are using (exact words)?

Example on the Cisco site:

interface FastEthernet4
 ip address 192.168.12.2 255.255.255.0
 no ip directed-broadcast (default)
 speed auto
 ip nat outside
 ip access-group 103 in
!
access-list 103 permit udp host 200.1.1.1 any eq isakmp
access-list 103 permit udp host 200.1.1.1 eq isakmp any
access-list 103 permit esp host 200.1.1.1 any
access-list 103 permit icmp any any
access-list 103 deny ip any any

Please rate the post, if it helps.

Vlad

Hello,

FastEthernet4 is the routable LAN port, and the access list would indeed work here. But for ports 0 through 3, since these are layer 2 only ports, the access list likely doesn't work. I do not have an 851 router available to test this, so my apologies if I might be off here, but I am thinking of the following:

851#
!
bridge irb
!
interface FastEthernet0
 switchport access vlan 2
!
interface Vlan2
 bridge-group 2
!
interface BVI2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip access-group 101 in
!
bridge 2 protocol ieee
bridge 2 route ip

So, basically, the FastEthernet0 is bound to BVI2, which is a virtual layer 3 interface, and to which you should be able to apply the access list. Just make sure that the IP address of the client uses the IP address of BVI2 as its default gateway (and has an IP address in the same subnet).

Can you try this out?

Regards,

Nethelper
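
A check for the two things this thread turns on, an ACL bound to a layer 2 switch port instead of a routed interface and an ACL number that is applied but never defined, as an added example (not from any poster in this thread or from Cisco). It assumes running-config style text with sub-commands indented under each interface; the sample config, ACL 102 and the function name are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): ACL 101 is bound to a
# layer 2 switch port and to BVI2; ACL 102 is applied but never defined.
SAMPLE_CONFIG = """\
interface FastEthernet0
 switchport access vlan 2
 ip access-group 101 in
!
interface BVI2
 ip address 192.168.2.1 255.255.255.0
 ip access-group 101 in
 ip access-group 102 out
!
access-list 101 deny ip any any
"""

def audit_acl_bindings(config):
    """Return (interface, acl, direction, problem) tuples for suspect bindings."""
    defined = set(re.findall(r"^access-list\s+(\S+)", config, re.M))
    defined |= set(re.findall(r"^ip access-list\s+\S+\s+(\S+)", config, re.M))
    findings = []
    iface, is_l2, bindings = None, False, []

    def flush():  # report on the interface block that just ended
        for acl, direction in bindings:
            if is_l2:
                findings.append((iface, acl, direction, "applied to layer 2 switchport"))
            if acl not in defined:
                findings.append((iface, acl, direction, "ACL not defined"))

    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line closes the block
            flush()
            m = re.match(r"interface\s+(\S+)", line)
            iface, is_l2, bindings = (m.group(1) if m else None), False, []
        elif iface:
            s = line.strip()
            if s.startswith("switchport"):  # "no switchport" is not matched
                is_l2 = True
            m = re.match(r"ip access-group\s+(\S+)\s+(in|out)$", s)
            if m:
                bindings.append(m.groups())
    flush()
    return findings

if __name__ == "__main__":
    for finding in audit_acl_bindings(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```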

Thanks, LAN is LAN :) Trying to use different VLANs and VTP ...