Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Trouble in BLocking Ports

Hi freinds,

We have 3 subnets in our office, Configured as secondary Interfaces on the Router. Our Servers are spread across these 3 subnets. Say if I block a port on server sitting in Subnet A through access list, and run a port scan from any node on subnet A , The port is not blocked as ROuter will not come into picture for communication between systems on the same subnet. where as if i scan a server in Subnet B it shows port blocked as i must go through the router to access the secondary subnet and it gets filtered by the access list.

Request a solution for this problem.


Re: Trouble in BLocking Ports

This is not a "problem". This is how it works. When you want to filter traffic to/from your servers move them to a separate subnet so that all server-traffic has to pass the router. This might have impact on your performance, depending on the hardware you are using.

New Member

Re: Trouble in BLocking Ports

Dear iggi,

Any work around other than shifting the Srervers into a single subnet ?

New Member

Re: Trouble in BLocking Ports


Yes you can use a funktion in cisco switches called port protected.

This will force all L2 traffic on ports configured with this to be pushed down to your router and sent with L3.

You can reda about konfigureing this on 3500 switches here:

/Regards Jonas

CreatePlease login to create content