creating an access list on Cisco cat4506

Discussion in 'Hardware' started by chris.brown, Jun 18, 2009.

  1. chris.brown

    Joined:
    Apr 29, 2009
    Messages:
    1
    Hi all,

    I'm really struggling to create an access list and need some help!

    I have a Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I5S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) in the business.

    I have 2 oscilloscopes that I need to connect to our LAN, which only one user on VLAN 27 (10.22.27.12) wants to connect to via FTP and SMB. Also, I don't want these 2 devices to be able to talk to anything on the LAN.

    IPs of the oscilloscopes are on VLAN 100 (10.25.100.20 and .21).

    I believe VLAN 100 is already set up to allow external users the ability to come in and have access out, but not be able to talk to anything on the LAN.

    I therefore believe the only way to do this is to create an access list accordingly, but I'm unsure of the commands to put in to test it. As this switch is one of our main distribution switches, I'm worried I'll mess something up in the process.

    Any advice would be gratefully received. I can give parts or all of the config if I've not explained myself very well.

    Thanks In Advance,
    Chris
     
    chris.brown, Jun 18, 2009
    #1

  2. laf

    Joined:
    Jun 23, 2009
    Messages:
    4
    Ok, so there is VLAN 27, VLAN 100 and the LAN; which VLAN does your LAN represent?

    As I see it, you need to put an ACL on the interface connecting that equipment; I assume you have an access port in VLAN 100 with the equipment connected to it.

    SW(config)#ip access-list extended protect_equip
    SW(config-ext-nacl)#permit tcp host 10.22.27.12 host 10.25.100.20 eq 21
    SW(config-ext-nacl)#permit tcp host 10.22.27.12 host 10.25.100.21 eq 21
    SW(config-ext-nacl)#permit tcp host 10.22.27.12 host 10.25.100.20 eq 445
    SW(config-ext-nacl)#permit tcp host 10.22.27.12 host 10.25.100.21 eq 445
    SW(config-ext-nacl)#deny tcp any host 10.25.100.20 eq 21
    SW(config-ext-nacl)#deny tcp any host 10.25.100.20 eq 445
    SW(config-ext-nacl)#deny tcp any host 10.25.100.21 eq 21
    SW(config-ext-nacl)#deny tcp any host 10.25.100.21 eq 445
    or, more drastic:
    SW(config-ext-nacl)#deny ip any host 10.25.100.20
    SW(config-ext-nacl)#deny ip any host 10.25.100.21
    SW(config-ext-nacl)#permit ip any any

    Then apply it on the interface:

    SW(config-if)#ip access-group protect_equip in
     
    laf, Jun 23, 2009
    #2
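As an added example (not code from the thread), a small first-match evaluator for IOS-style extended ACL entries, fed the two variants posted above with the thread's addresses; SMB is taken as TCP/445 since IOS has no `smb` port keyword. It shows that the port-specific variant still passes other ports to the scopes, and that an ACL only filters traffic in the direction it is applied, so a scope initiating a connection into the LAN is not covered by either variant.

```python
import ipaddress

def parse_entry(line):
    """Parse 'permit|deny tcp|ip (host A|any) (host B|any) [eq PORT]' into a dict."""
    tok = line.split()
    action, proto = tok[0], tok[1]
    i = 2

    def addr():
        nonlocal i
        if tok[i] == "any":
            i += 1
            return None          # None = wildcard
        i += 2                   # skip 'host <addr>'
        return ipaddress.ip_address(tok[i - 1])

    src, dst = addr(), addr()
    dport = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def evaluate(acl, src, dst, proto="tcp", dport=None):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in acl:
        if e["proto"] not in ("ip", proto):
            continue
        if e["src"] not in (None, src) or e["dst"] not in (None, dst):
            continue
        if e["dport"] not in (None, dport):
            continue
        return e["action"]
    return "deny"

# The two variants posted above (addresses from the thread; SMB taken as TCP/445).
SCOPES, USER = ("10.25.100.20", "10.25.100.21"), "10.22.27.12"
PERMITS = [f"permit tcp host {USER} host {s} eq {p}" for s in SCOPES for p in (21, 445)]
PORT_DENIES = [f"deny tcp any host {s} eq {p}" for s in SCOPES for p in (21, 445)]
HOST_DENIES = [f"deny ip any host {s}" for s in SCOPES]
ACL_PORTS = [parse_entry(l) for l in PERMITS + PORT_DENIES + ["permit ip any any"]]
ACL_HOSTS = [parse_entry(l) for l in PERMITS + HOST_DENIES + ["permit ip any any"]]

if __name__ == "__main__":
    # Another LAN host reaching a scope on SSH: slips through the port-specific variant.
    print(evaluate(ACL_PORTS, "10.22.27.50", SCOPES[0], dport=22))   # permit
    print(evaluate(ACL_HOSTS, "10.22.27.50", SCOPES[0], dport=22))   # deny
    # A scope initiating a connection into the LAN: neither variant filters this direction.
    print(evaluate(ACL_HOSTS, SCOPES[0], "10.22.27.50", dport=445))  # permit
```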

  3. mprasad079

    Joined:
    Dec 23, 2012
    Messages:
    12
    Put the ACL on the L3 VLAN interface, where it would be outbound. Prior to making any impacting changes on production, go through the change management process.
     
    mprasad079, Dec 23, 2012
    #3
  4. Jeremy123

    Joined:
    Sep 22, 2013
    Messages:
    2
    Nice..

    • You can delete an entry from a named access list. Use the no permit or no deny command to delete the appropriate entry.
     
    Jeremy123, Sep 22, 2013
    #4
  5. dawid70

    Joined:
    Dec 17, 2013
    Messages:
    1
    I am impressed with this information you posted, and by the way, you have a good-looking site. I like your good work.
     
    dawid70, Dec 17, 2013
    #5