Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1079
Views
0
Helpful
5
Replies

per port ACL on 2950

Anand Narayana
Level 6
Level 6

‎09-16-2006 02:19 AM - edited ‎03-03-2019 05:04 AM

Hi,

port based ACL is possible on 2950? i mean my requirement as follows on a vlan having diff. network segment, switches are vlan 5, servers vlan 6, clients vlan 7, pc vlan 8,they interconnect each other, layer 3 - 3750, layer 2 - 2950, on one of the switch port fas 0/1 a pc is connected ip address 192.168.1.1/24, only a pc having 192.168.1.1/24 connected on this port can access other pc/server on the network, if the pc ip address is been changed to 192.168.1.2 ,it should not reach other pc/server, i think it is possibile with the following

switch configuration

interface fastethernet 0/1

switchport access vlan 8

switchport mode access

ip access-group 101 in

spanning-tree portfast

interface gigabitethernet 0/1

description ***connected to 3750***

switchport mode trunk

interface vlan 5

ip address 10.1.1.2 255.255.255.0

ip default-gateway 10.1.1.254

access-list 101 permit ip host 192.168.1.1 0.0.0.255 any.

am i right? if not correct.

note: in 3750 vlan is configured, i don't wanted to put any access-list on this,as i wanted a port based access-list on the edge switches only, only then it will satisfy my need.

Labels:
0 Helpful
5 Replies 5

rajinikanth
Level 3
Level 3

‎09-16-2006 06:34 AM

Hi anand,

your access list statement

access-list 101 permit ip host 192.168.1.1 0.0.0.255 any

will permit entire 192.168.1.x network with your wild card mask 0.0.0.255

i think you need to change it to

access-list 101 permit ip 192.168.1.1 0.0.0.0 any

or

access-list 101 permit ip host192.168.1.1 any

other config is fine it should work fine.

HTH

Thanks

Raj

0 Helpful

Wilson Samuel
Level 7
Level 7

‎09-16-2006 07:17 AM

Hi,

If I'm correct, then Switch 2950 is a L-2 switch and doesnt understand anything beyod L-2. Hence I really doubt implementation of a L-3 Access-List on any Physical Port of the 2950 Switch.

Kind Regards,

Wilson Samuel

PS: Please rate if it helps.

0 Helpful

amit-singh
Level 8
Level 8

‎09-16-2006 07:36 AM

Hi Ananad,

Please let us know the model number of the switch 2950. 2950 switch with EMI (enhanced image) we can set the ACLs.

Following switches are the Enhanced image 2950 swicthes (Catalyst 2950G-48, 2950G-24, 2950G-24-DC, 2950T-24, 2950C-24, 2950G-12.

Please refer the link below:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea7/scg/swacl.htm#wp1043920

HTH, Please rate if it does.

-amit singh

0 Helpful

Wilson Samuel
Level 7
Level 7
In response to amit-singh

‎09-16-2006 09:13 AM

Hi Amit,

Thanks for pasting this link.

I'm now updated with the latest developments in the 2950 Series switches.

Kind Regards.

Wilson Samuel

0 Helpful

Anand Narayana
Level 6
Level 6
In response to amit-singh

‎09-16-2006 10:49 AM

THankz for the reply,

my 2950 is EMI.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents