Cisco Support Community
New Member

Allow 3389, http, https

Hi!

I have a 24-port Cisco 3750 switch. Is it possible to configure any of its ports to allow only 3389, http and https requests coming from the IP Range 192.168.10.71, 192.168.10.100 Mask: 255.255.255.0 and block all other ports and IP ranges?

Thanks!

4 REPLIES
Cisco Employee

Re: Allow 3389, http, https

Hi,

When you translate 71 and 100 into binary, it looks like:

71: 0100 0111

100: 0110 0100

Only the first two bits never change, so the closest range to 71-100 is 64-127. So it isn't worth playing with the wildcard mask.

The ACL with the minimum number of lines will be the one with one line per IP address of the range 71-100 and per TCP port (29x3=87 lines):

access-list 100 permit tcp host 192.168.10.x any eq 3389

access-list 100 permit tcp host 192.168.10.x any eq 80

access-list 100 permit tcp host 192.168.10.x any eq 443

with 71<=x<=100

You can then apply this ACL in input on the port of the switch:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swacl.html#wp1667255

HTH

Laurent.
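
An added example, not part of the reply above or of Cisco's documentation: the 71-100 source range split into CIDR-aligned blocks, each written with a wildcard mask, then expanded into per-port permit lines in the thread's `access-list 100` syntax. It uses Python's standard `ipaddress` module; the function names are this example's own.

```python
import ipaddress

# Values taken from the thread: source range, permitted TCP ports, ACL number.
FIRST = ipaddress.IPv4Address("192.168.10.71")
LAST = ipaddress.IPv4Address("192.168.10.100")
PORTS = (3389, 80, 443)
ACL_ID = 100


def cover_blocks(first, last):
    """Smallest set of CIDR-aligned blocks that covers first..last exactly."""
    return list(ipaddress.summarize_address_range(first, last))


def source_spec(net):
    """Render one block as the source field of an IOS extended ACL entry."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    # The IOS wildcard mask is the inverted netmask (ipaddress calls it hostmask).
    return f"{net.network_address} {net.hostmask}"


def build_acl(first=FIRST, last=LAST, ports=PORTS, acl_id=ACL_ID):
    """One permit line per (block, port) pair."""
    lines = []
    for net in cover_blocks(first, last):
        for port in ports:
            lines.append(
                f"access-list {acl_id} permit tcp {source_spec(net)} any eq {port}"
            )
    return lines


def covered_hosts(first=FIRST, last=LAST):
    """Last octets matched by the blocks, to confirm nothing extra is permitted."""
    return sorted(
        int(addr) & 0xFF for net in cover_blocks(first, last) for addr in net
    )


if __name__ == "__main__":
    print("\n".join(build_acl()))
    hosts = covered_hosts()
    print(f"! {len(hosts)} source addresses matched: .{hosts[0]} to .{hosts[-1]}")
```

The implicit deny at the end of an IOS access list drops everything these lines do not permit, so no explicit deny entry is needed for the other ports and sources.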

New Member

Re: Allow 3389, http, https

Just to add to what Laurent said - you could also use VACLs (VLAN ACLs) / VLAN Maps to control traffic contained within a VLAN. Laurent's configuration example would work between VLANs.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swacl.html#wp1667683

New Member

Re: Allow 3389, http, https

Can it be done from the Web Interface of the switch?

Thanks!

Cisco Employee

Re: Allow 3389, http, https

Sorry I'm a CLI guy ;-)

Laurent.
