Hello, I have a core switch, a Cisco 3550-24.
It has 6 VLANs on it; some ports are trunks, some ports are access ports.
The switch routes all the VLANs.
It has:
VLAN1: 172.16.0.100/23
VLAN2: 172.16.2.254/24
VLAN4: 172.16.4.254/24
VLAN6: 172.16.6.254/24
All clients in the VLANs have the IP of the switch as their default gateway.
I would like to configure some inbound ACLs (from the VLANs to the switch) to filter out some packets, for example:
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq tftp
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any range 137 139
access-list 181 deny udp 172.16.0.0 0.0.255.255 any range netbios-ns netbios-ss
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 4444
access-list 181 permit ip 172.16.0.0 0.0.255.255 any
access-list 181 deny ip any any log
I tried to put this ACL inbound on VLAN2, for example, but it doesn't match anything.
Can someone help me?
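
An added example, not part of the original post: a small first-match evaluator for access-list 181 as posted, which returns the entry number and action a packet with a given protocol, source address and destination port would hit. The function names (`parse`, `evaluate`) are hypothetical, and the parser models only the entry forms that appear in this ACL (source with wildcard mask, destination `any`, optional `eq` or `range` on the destination port).

```python
import ipaddress

# Added example: first-match evaluation of access-list 181 as posted.
PORTS = {"tftp": 69, "netbios-ns": 137, "netbios-ss": 139}  # IOS port keywords
ACL_181 = """
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq tftp
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any range 137 139
access-list 181 deny udp 172.16.0.0 0.0.255.255 any range netbios-ns netbios-ss
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 4444
access-list 181 permit ip 172.16.0.0 0.0.255.255 any
access-list 181 deny ip any any log"""

def to_int(ip):
    return int(ipaddress.ip_address(ip))

def port(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

def parse(line):
    t = line.split()[2:]  # drop "access-list 181"
    action, proto, t = t[0], t[1], t[2:]
    if t[0] == "any":
        src, t = None, t[1:]
    else:
        src, t = (to_int(t[0]), to_int(t[1])), t[2:]  # (address, wildcard)
    t = t[1:]  # destination is "any" in every entry of this ACL
    lo, hi = 0, 65535
    if t[:1] == ["eq"]:
        lo = hi = port(t[1])
    elif t[:1] == ["range"]:
        lo, hi = port(t[1]), port(t[2])
    return action, proto, src, lo, hi

def evaluate(proto, src_ip, dport, acl=ACL_181):
    """Return (entry number, action) of the first entry the packet matches."""
    s = to_int(src_ip)
    for n, line in enumerate(acl.strip().splitlines(), 1):
        action, p, src, lo, hi = parse(line)
        proto_ok = p == "ip" or (p == proto and lo <= dport <= hi)
        # Wildcard bits set to 1 are ignored when comparing addresses.
        src_ok = src is None or (s | src[1]) == (src[0] | src[1])
        if proto_ok and src_ok:
            return n, action
    return 0, "deny"  # implicit deny when no entry matches
```

For instance, `evaluate("tcp", "172.16.2.10", 445)` reports entry 6 (deny), while the same port from a source outside 172.16.0.0/16 falls through to the final logged deny.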