https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675407#M1092959 <P>Hello everyone,</P><P>Q1) How can I block ports such as 443 on the VLAN x interface IP?</P><P>1) I tried ACL on the Inbound &amp; Outbound of the VLAN x but it does not work.</P><P>2) Physical router (who hosts the VLAN X interface IP) has been configured to allow port 443 BUT on the different VLAN the management VLAN. This allowed port 443 on the physical router management is used for the web management not for VLAN x.</P><P>Any advice, please</P><P>&nbsp;</P> Thu, 25 Aug 2022 14:37:47 GMT Serpent2010 2022-08-25T14:37:47Z https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675407#M1092959 <P>Hello everyone,</P><P>Q1) How can I block ports such as 443 on the VLAN x interface IP?</P><P>1) I tried ACL on the Inbound &amp; Outbound of the VLAN x but it does not work.</P><P>2) Physical router (who hosts the VLAN X interface IP) has been configured to allow port 443 BUT on the different VLAN the management VLAN. This allowed port 443 on the physical router management is used for the web management not for VLAN x.</P><P>Any advice, please</P><P>&nbsp;</P> Thu, 25 Aug 2022 14:37:47 GMT https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675407#M1092959 Serpent2010 2022-08-25T14:37:47Z https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675413#M1092960 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/309008">@Serpent2010</a> define an ACL permitting/denying the relevant traffic then assign that ACL to the http server - "ip http access-class ACL-NAME" that should restrict http/https server traffic on the device.</P> Thu, 25 Aug 2022 14:44:48 GMT https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675413#M1092960 Rob Ingram 2022-08-25T14:44:48Z https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675420#M1092961 <P>Thanks for the quick reply, and that's working for the physical box http/https config but it does not work for the interface VLAN X IP.</P><P>In other words, the ACL will work perfectly for the management VLAN but it does not work for the VLAN x</P><P>I can redo the test to double check, if you want me to do that&nbsp;&nbsp;</P> Thu, 25 Aug 2022 14:51:08 GMT https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675420#M1092961 Serpent2010 2022-08-25T14:51:08Z https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675446#M1092966 <P>If the traffic is direct to VLAN then ACL not work, the ACL work for traffic pass through VLAN SVI no traffic direct to VLAN SVI.<BR />you need CoPP OR&nbsp;<BR />check the ip route, see the traffic come from and apply ACL IN in the next-hop not in VLAN SVI.&nbsp;</P> Thu, 25 Aug 2022 15:39:12 GMT https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675446#M1092966 MHM Cisco World 2022-08-25T15:39:12Z https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675465#M1092967 <P>You are correct and I will work on your suggestion, it is very interesting,&nbsp; to see if it will work as expected.</P><P>Many thanks&nbsp;</P> Thu, 25 Aug 2022 16:16:06 GMT https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675465#M1092967 Serpent2010 2022-08-25T16:16:06Z https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675472#M1092968 <P>You are so so welcome&nbsp;</P> Thu, 25 Aug 2022 16:31:26 GMT https://community.cisco.com/t5/network-security/vlan-interface-ip-protection-opened-ports/m-p/4675472#M1092968 MHM Cisco World 2022-08-25T16:31:26Z