ACL on Cisco 3550-24-EMI


Hello,
I have a core switch, a Cisco 3550-24.

It has 6 VLANs on it; some ports are trunks, some ports are access ports.

The switch routes all the VLANs.

It has:
VLAN1: 172.16.0.100/23
VLAN2: 172.16.2.254/24
VLAN4: 172.16.4.254/24
VLAN6: 172.16.6.254/24

All clients in the VLANs have the IP of the switch as the default gateway.

I would like to configure some ACLs inbound (from the VLANs to the switch) to
filter out some packets, for example:

access-list 181 deny   udp 172.16.0.0 0.0.255.255 any eq tftp
access-list 181 deny   tcp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny   udp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny   tcp 172.16.0.0 0.0.255.255 any range 137 139
access-list 181 deny   udp 172.16.0.0 0.0.255.255 any range netbios-ns netbios-ss
access-list 181 deny   tcp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny   udp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny   tcp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny   udp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny   tcp 172.16.0.0 0.0.255.255 any eq 4444
access-list 181 permit ip 172.16.0.0 0.0.255.255 any
access-list 181 deny   ip any any log

I tried to put this ACL inbound on VLAN2, for example, but it doesn't match
anything.

Can someone help me?


