I have a 3750 that is connected to another network via a layer-2 type connection. I have a specific set of TCP and UDP ports that I want to allow access to via this switch. In taking a look at the documentation I see that I can apply port ACLs directly to layer-2 interfaces, but that they will only work "inbound" to the switch.
Will this work:
If I have (bad ASCII net diagram):
I want to put an ACL on the L2 uplink from switchB to the WAN (the WAN is a metro-Ethernet type L2 WAN extension; rtr is a router) that only allows hosta to hit TCP ports 1000, 2000 and 3000 on hosts sitting on switchb. I want to allow hosts on switchb to do whatever they want to hosta. Is it as simple as:
! extended ACL 101 in IOS named-mode syntax; an implicit "deny ip any any" follows the last entry
ip access-list extended 101
 permit tcp any any eq 1000
 permit tcp any any eq 2000
 permit tcp any any eq 3000
and then applying that ACL to the L2 uplink interface on switchb? I'm thinking that since port ACLs only affect the "inbound" direction, allowing inbound connections on the L2 uplink gets the packets onto my hosts on switchb, and there is nothing preventing the return traffic or new TCP connections from hosts on switchb -> hosta...?
As per the document, you can configure only one type of per-user ACL on a Catalyst 3750 switch port: router ACLs or port ACLs. Router ACLs apply to Layer 3 interfaces, and port ACLs apply to Layer 2 interfaces. If a port is configured with a port-based ACL, the switch rejects any attempt to configure a router-based ACL on the same port. However, if a port is configured with a router-based ACL and then a port-based ACL, the port-based ACL overwrites the router ACL.
When applying it to the interface connecting to the L2 port, give the "in" direction; in any case, "out" is not supported on L2 interfaces.
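Added example, not part of the original post or the reply above: a complete port ACL and its application to the uplink, written to show the one thing the three `permit tcp ... eq` lines miss. A port ACL is evaluated only on frames entering the switch through that port, so a TCP session opened by a switchb host toward hosta leaves unfiltered, but its SYN/ACK and every later reply segment arrive back on the uplink with a destination port equal to the client's ephemeral port, not 1000/2000/3000, and fall through to the implicit `deny ip any any`. The `established` ACE (matching the ACK or RST bit, documented for IPv4 extended ACLs on the 3750) covers that reply traffic; UDP and ICMP have no equivalent and need explicit permits. The addresses, ACL name and interface number are hypothetical.

```cisco
! Assumed addressing (hypothetical):
!   hosta            = 10.0.1.10, reached across the metro-Ethernet L2 WAN
!   hosts on switchb = 10.0.2.0/24
! This list filters only traffic arriving FROM the WAN; the outbound
! direction of the uplink is never filtered by a port ACL.
ip access-list extended WAN-IN
 remark --- new sessions hosta may open toward switchb hosts ---
 permit tcp host 10.0.1.10 10.0.2.0 0.0.0.255 eq 1000
 permit tcp host 10.0.1.10 10.0.2.0 0.0.0.255 eq 2000
 permit tcp host 10.0.1.10 10.0.2.0 0.0.0.255 eq 3000
 remark --- replies to TCP sessions that switchb hosts opened toward hosta ---
 remark Without this ACE those replies hit the implicit deny: their destination
 remark port is the client's ephemeral port, not 1000/2000/3000. "established"
 remark matches the ACK or RST bit only; it is not stateful connection tracking,
 remark so hosta can still send ACK-flagged segments to any port on switchb hosts.
 permit tcp host 10.0.1.10 10.0.2.0 0.0.0.255 established
 remark --- non-TCP replies must be listed explicitly (no "established" for them) ---
 permit icmp host 10.0.1.10 10.0.2.0 0.0.0.255 echo-reply
 remark everything else from the WAN side is dropped by the implicit deny ip any any
!
! Port ACL on the L2 uplink: "in" is the only direction a 3750 accepts here.
interface GigabitEthernet1/0/1
 description L2 uplink to metro-Ethernet WAN (hypothetical port number)
 switchport
 ip access-group WAN-IN in
!
! Checks after generating traffic in both directions:
!   show access-lists WAN-IN        ! per-ACE match counters; the "established"
!                                   ! line should count up when a switchb host
!                                   ! connects out to hosta
!   show ip interface GigabitEthernet1/0/1   ! confirms which ACL is applied inbound
```

If the intent is to also let hosta reach UDP ports on switchb hosts, add `permit udp host 10.0.1.10 10.0.2.0 0.0.0.255 eq <port>` lines alongside the TCP ones; for UDP flows initiated from switchb toward hosta, the replies likewise need an explicit `permit udp host 10.0.1.10 eq <port> 10.0.2.0 0.0.0.255` ACE, because a port ACL on this platform has no reflexive or stateful option.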