Firewall in a Cisco Catalyst 3750

Hello, I want to block some ports in one of my VLANs on a Cisco switch. Connected to the switch in VLAN 3 I have the ADSL bridge modem and a Linksys router, and one server has access to that VLAN through a trunk port. I need to block some ports from the server on the ADSL internet connection in that VLAN. Where do I need to put the ACL rules: on the server's trunk port interface on the switch, or on the VLAN interfaces? I tried both ways and the ports are still open.

# I use these rules
access-list 102 deny tcp any any eq 8080 log
access-list 102 deny tcp any any eq 5432 log
access-list 102 deny tcp any any eq 3306 log
access-list 102 permit ip any any

# at the ADSL modem interface
interface FastEthernet1/0/6
 switchport access vlan 3
 ip access-group 102 in

# at the server trunking port
interface FastEthernet1/0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ip access-group 102 in

Thank you for your help.
Best regards


I'm not 100% sure, but I think that Layer 3 access lists don't work on Layer 2 ports.



The problem is that, because of this line:

> switchport access vlan 3

on fa1/0/6, that port is only operating in Layer 2 mode (switchport) as a switched interface; therefore Layer 3 ACLs do not work. You need to apply a Layer 3 ACL to a ROUTED interface, so the solution is to change the interface definition into a routed interface, and the ACL should work there.

Peter
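Added example, not part of any post in this thread: a small Python helper that reads a Catalyst running-config excerpt and reports, for each `ip access-group` line, whether it sits on a Layer 2 switchport or on a routed interface, which is the distinction the replies turn on. The sample config is constructed from the question's stanzas plus a hypothetical routed port (Fa1/0/20, documentation address range); the helper assumes a physical port is Layer 2 unless its stanza contains `no switchport`, and that `Vlan` interfaces are routed.

```python
import re

# Constructed sample: the two stanzas from the question, a hypothetical routed
# port (Fa1/0/20, 192.0.2.0/24 documentation range) and a port without an ACL.
SAMPLE_CONFIG = """\
interface FastEthernet1/0/6
 switchport access vlan 3
 ip access-group 102 in
!
interface FastEthernet1/0/15
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ip access-group 102 in
!
interface FastEthernet1/0/20
 no switchport
 ip address 192.0.2.1 255.255.255.0
 ip access-group 102 in
!
interface FastEthernet1/0/21
 switchport access vlan 3
"""

ACL_RE = re.compile(r"ip access-group (\S+) (in|out)$")

def classify_acl_bindings(config_text):
    """Return (interface, acl, direction, mode) for each ip access-group line.

    Assumption: mode is "routed" for Vlan interfaces and for stanzas that
    contain "no switchport"; every other interface counts as "switchport".
    """
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:                      # "!" or a global command ends the stanza
            current = None
    results = []
    for name, lines in stanzas.items():
        routed = name.lower().startswith("vlan") or "no switchport" in lines
        for line in lines:
            match = ACL_RE.match(line)
            if match:
                mode = "routed" if routed else "switchport"
                results.append((name, match.group(1), match.group(2), mode))
    return results

def layer2_bindings(config_text):
    """Interfaces where an IP ACL is attached to a Layer 2 switchport."""
    return [r[0] for r in classify_acl_bindings(config_text) if r[3] == "switchport"]
```
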