TOPIC: Need help, cisco 3550 and blocking outgoing connections

Need help, cisco 3550 and blocking outgoing connections 7 years 10 months ago #28903

  • vegeetz
Hi,

I have a couple of VLANs on a 3550, and I would like to block traffic going out to certain hosts. Basically, I don't want a particular VLAN to visit or send mail to a /24 network address.

Can anyone show me how this can be done?

Thanks,

Re: Need help, cisco 3550 and blocking outgoing connections 7 years 10 months ago #28906

  • RA1313IT
vegeetz,

This can be done with a simple ACL. I'm a little confused if you just want to block email or all traffic to this particular network. I'll explain both.

First create your ACL:

3550switch(config)#ip access-list extended BlockMail
3550switch(config-ext-nacl)#deny tcp any 192.168.1.0 0.0.0.255 eq smtp
3550switch(config-ext-nacl)#permit ip any any

Next apply your ACL to an interface. Select the direction you want to apply the ACL with either "in" or "out". Normally, you want to apply extended access-lists closest to the source.

3550switch(config)#interface fastEthernet0/1
3550switch(config-if)#ip access-group BlockMail in

This should drop incoming traffic on port fa0/1 destined for the 192.168.1.0/24 subnet on tcp port 25 (email). You must use the 'permit ip any any' statement because there is an implicit deny at the end of every ACL. This means that if traffic does not match any of the ACL statements, it will automatically be dropped. The permit ip any any statement allows all other IP traffic.

If you wish to block all traffic, simply change the ACL:

3550switch(config-ext-nacl)#deny ip any 192.168.1.0 0.0.0.255
3550switch(config-ext-nacl)#permit ip any any

Hope this helps
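The first-match and implicit-deny behaviour described in the reply above, as an added example that is not part of the original posts: a small Python model (not IOS itself) that evaluates the thread's ACL lines against constructed packets. It handles only the entry forms shown in the thread, and the function names are illustrative.

```python
import ipaddress

PORTS = {"smtp": 25}  # IOS keyword used in the thread

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 1 bits are ignored, 0 bits must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse '<action> <proto> any <dst> <wildcard> [eq <port>]' or '... any any'."""
    t = line.split()
    if t[2] != "any":
        raise ValueError("this model only handles source 'any'")
    ace = {"action": t[0], "proto": t[1], "dst": None, "port": None}
    if t[3] != "any":
        ace["dst"] = (t[3], t[4])
        if len(t) > 5:
            if t[5] != "eq":
                raise ValueError("only 'eq' is handled")
            ace["port"] = PORTS.get(t[6]) or int(t[6])
    return ace

def evaluate(acl_lines, proto, dst, dport=None):
    """Return (action, matching line); the first matching entry wins."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", proto):
            continue
        if ace["dst"] and not wildcard_match(dst, *ace["dst"]):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"], line
    return "deny", "(implicit deny)"  # nothing matched: dropped by default

BLOCK_MAIL = ["deny tcp any 192.168.1.0 0.0.0.255 eq smtp", "permit ip any any"]
BLOCK_ALL = ["deny ip any 192.168.1.0 0.0.0.255", "permit ip any any"]
NO_PERMIT = BLOCK_MAIL[:1]  # same ACL with the final permit left out

if __name__ == "__main__":
    # Constructed packets: (protocol, destination, destination port)
    for name, acl in (("BlockMail", BLOCK_MAIL), ("no permit", NO_PERMIT), ("block all", BLOCK_ALL)):
        for pkt in (("tcp", "192.168.1.10", 25), ("tcp", "192.168.1.10", 80), ("tcp", "10.0.0.5", 80)):
            print(name, pkt, "->", evaluate(acl, *pkt))
```

Running it shows that leaving out the final permit drops unrelated traffic such as web requests to other networks, which is the failure mode the reply warns about.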