Firewall in a Cisco Catalyst 3750

Hello, I want to block some ports in one of my VLANs on a Cisco switch. Connected to the switch in VLAN 3 I have the ADSL bridge modem and a Linksys router, and one server has access to that VLAN through a trunking port. I need to block some ports from the server on the ADSL internet connection in that VLAN. Where do I need to put the ACL rules: on the server's trunking port interface of the switch, or on the VLAN interfaces? I tried both ways and the ports are still open.

I use these rules:

access-list 102 deny tcp any any eq 8080 log
access-list 102 deny tcp any any eq 5432 log
access-list 102 deny tcp any any eq 3306 log
access-list 102 permit ip any any

At the ADSL modem interface:

interface FastEthernet1/0/6
 switchport access vlan 3
 ip access-group 102 in

At the server trunking port:

interface FastEthernet1/0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ip access-group 102 in

Thank you for your help Best Regards

gferragut

I'm not 100% but I think that Layer 3 access-lists don't work on layer 2 ports.

Bod43

Greetings,

The problem is that because of the line "switchport access vlan 3" on fa1/0/6, that port is only operating in Layer 2 mode (switchport) as a switched interface, therefore Layer 3 ACLs do not work. You need to apply a Layer 3 ACL to a ROUTED interface, so the solution is to change the interface definition into a routed interface and the ACL should work there.

Cheers.................pk.

Peter
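An added example, not taken from the original post or either reply. It assumes the topology described in the question: the server, the ADSL bridge modem and the Linksys router all sit in VLAN 3, so traffic between the server and the modem is bridged inside the VLAN and never crosses a routed interface. A router ACL on "interface Vlan3" (the SVI) only sees traffic routed into or out of VLAN 3, so it would not touch this flow either. On a Catalyst 3750 the tool for filtering traffic inside a VLAN is a VLAN map (VACL), shown below. The server address 192.0.2.10 and the names SERVER-BLOCKED-PORTS and VLAN3-FILTER are placeholders chosen for the example; the TCP ports are the ones from access-list 102 in the question.

```cisco
! Added example (not the poster's configuration). Catalyst 3750 IOS syntax.
! Placeholders: 192.0.2.10 stands for the server address; ACL and map
! names are constructed for this example.
!
! Step 1: an extended ACL that SELECTS the traffic to drop. In a VLAN map
! the PERMIT entries mark packets for the map action, so the blocked ports
! are written as permit lines here (the opposite of access-list 102).
ip access-list extended SERVER-BLOCKED-PORTS
 remark TCP destination ports taken from access-list 102 in the question
 permit tcp any host 192.0.2.10 eq 8080
 permit tcp any host 192.0.2.10 eq 5432
 permit tcp any host 192.0.2.10 eq 3306
!
! Step 2: the VLAN map. Sequence 10 drops whatever the ACL selects;
! sequence 20 has no match clause, so it matches all remaining traffic
! and forwards it. Without sequence 20 everything else would be dropped.
vlan access-map VLAN3-FILTER 10
 match ip address SERVER-BLOCKED-PORTS
 action drop
vlan access-map VLAN3-FILTER 20
 action forward
!
! Step 3: attach the map to VLAN 3. A VLAN map filters frames switched
! within the VLAN regardless of ingress port or direction, so it covers
! the modem port, the Linksys port and the server trunk alike.
vlan filter VLAN3-FILTER vlan-list 3
!
! Verification from the switch:
!   show vlan filter
!   show vlan access-map VLAN3-FILTER
!   show ip access-lists SERVER-BLOCKED-PORTS
```

Two points worth checking before relying on this. First, do not reference access-list 102 directly from the map: its deny lines would fall through to "permit ip any any", which the map would then drop, blocking everything except the three ports. Second, the ACL matches on the destination address the packets actually carry inside VLAN 3; if the server is reached through an address-translating device, match on that address instead of the server's own.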

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.