Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

cisco 851 LAN port restrictions

how can i restrict an ip access on the one of the LAN ports, let it be the fa0 for example.

I tryed access group but even deny any any doesn't work, i think that acl doesn't work on LAN ports, can you help me?

3 REPLIES

Re: cisco 851 LAN port restrictions

Hello there!

Never used a 851 router but judging by the following link I dont see why you could not configure the ACL on this Fe interfaces.

http://www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_chapter09186a008045d283.html#wp1119321

could you please paste the configurations you are using (exact words).

example on the cisco site:

interface FastEthernet4

ip address 192.168.12.2 255.255.255.0

no ip directed-broadcast (default)

speed auto

ip nat outside

ip access-group 103 in

access-list 103 permit udp host 200.1.1.1 any eq isakmp

access-list 103 permit udp host 200.1.1.1 eq isakmp any

access-list 103 permit esp host 200.1.1.1 any

access-list 103 permit icmp any any

access-list 103 deny ip any any

Please rate the post, if it helps.

Vlad

Bronze

Re: cisco 851 LAN port restrictions

Hello,

FastEthernet4 is the routable LAN port, and the access list would indeed work here. But for ports 0 thru 3, since these are layer 2 only ports, the access list likely doesn´t work. I do not have an 851 router available to test this, so my apologies if I might be off here, but I am thinking of the following:

851#

!

bridge irb

!

interface FastEthernet0

switchport access vlan 2

!

interface Vlan2

bridge-group 2

!

interface BVI2

ip address 192.168.2.1 255.255.255.0

ip nat inside

access-group 101 in

!

bridge 2 protocol ieee

bridge 2 route ip

So, basically, the FastEthernet0 is bound to BVI2, which is a virtual layer 3 interface, and to which you should be able to apply the access list. Just make sure that the IP address of the client uses the IP address of BVI2 as its default gateway (and has an IP address in the same subnet).

Can you try this out ?

Regards,

Nethelper

Community Member

Re: cisco 851 LAN port restrictions

thanks, lan is lan :) trying to use different vlans and VTP ...

113
Views
3
Helpful
3
Replies
CreatePlease to create content