policy route-map question

Hi all,

I wan't to block tcp port 2967 in on interface FastEthernet0/7 How shall i do?

Regards Jan Rockstedt

interface FastEthernet0/7 description 100 switchport access vlan 21 switchport mode access no ip address speed 100 spanning-tree portfast spanning-tree bpdufilter enable

interface Vlan21 description 100 ip address secondary ip address secondary ip address ip policy route-map SONG

route-map SONG permit 10 match ip address 100 set ip next-hop

access-list 100 deny ip access-list 100 deny ip access-list 100 permit ip any any
Reply to
Loading thread data ...

you cannot block it inbound on f0/7, it is configured as a switchport and you cannot apply an IP ACL to it, well....you can, but it won't do anything. You could block it on the vlan interface.

access-list 101 deny tcp any any eq 2967 access-list 101 permit ip any any int v21 ip access-group 101 out

Reply to
Brian V

Brian V skrev:


I did try this on the vlan21 first:

access-list 122 deny tcp any any eq 2967 access-list 122 permit tcp any any

But was the deny wrong with only tcp?


Reply to

all udp will be dropped as well as all icmp

Reply to
Brian V

Usually last line in an access-list is "permit ip any any". If you permit TCP only, you may (and will) block all "internal stuff" like multicast, broadcast, UDP, etc.

Good luck,


------ Cisco IP Phone PC Headset Adapters

formatting link

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.