Xu Zhang
Beginner

ACL best practices on SVI to protect server farm

Hi Guys,

My server farm is connected to a 6500 switch; VLAN 2 (172.28.2.0/24) was assigned to it.

Now I am working on an ACL to protect those servers. The requirement from the server owner is to allow certain TCP ports (he provided some TCP port numbers).

I have created a draft ACL as below and plan to apply it to the SVI in the outbound direction.

I need your help with some ideas to make this ACL better for the situation.

----------------------------------------------------------------------------------------------

ip access-list extended protect_vlan2
permit tcp any 172.28.2.0 0.0.0.255 eq www
permit tcp any 172.28.2.0 0.0.0.255 eq 443
permit tcp any 172.28.2.0 0.0.0.255 eq 554
permit tcp any 172.28.2.0 0.0.0.255 eq 3389
permit tcp any 172.28.2.0 0.0.0.255 eq 8080
deny   tcp any 172.28.2.0 0.0.0.255
deny   udp any 172.28.2.0 0.0.0.255
permit ip any 172.28.2.0 0.0.0.255

 

interface vlan 2
 ip access-group protect_vlan2 out

-----------------------------------------------------------------------------------------------

 

Regards,

ZX
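An added example, not from the post or from the switch itself: a small Python first-match evaluator for the draft ACL above, run over constructed flows (172.28.2.10 is assumed to be a server in VLAN 2; the other addresses are documentation ranges). It shows that the final permit ip lets ICMP and any other non-TCP/UDP traffic reach the servers, and that replies to connections the servers open themselves (a DNS answer, the download half of an HTTP fetch) are dropped by the deny tcp/udp lines; the variant with an added established ACE is an assumption included only for comparison.

```python
import ipaddress

# The draft ACL from the post, one ACE per line (IOS appends an implicit "deny ip any any").
DRAFT_ACL = [
    "permit tcp any 172.28.2.0 0.0.0.255 eq www",
    "permit tcp any 172.28.2.0 0.0.0.255 eq 443",
    "permit tcp any 172.28.2.0 0.0.0.255 eq 554",
    "permit tcp any 172.28.2.0 0.0.0.255 eq 3389",
    "permit tcp any 172.28.2.0 0.0.0.255 eq 8080",
    "deny tcp any 172.28.2.0 0.0.0.255",
    "deny udp any 172.28.2.0 0.0.0.255",
    "permit ip any 172.28.2.0 0.0.0.255",
]
# Assumed variant for comparison: "established" matches TCP with ACK or RST set (replies), not a new SYN.
WITH_ESTABLISHED = ["permit tcp any 172.28.2.0 0.0.0.255 established"] + DRAFT_ACL
PORT_NAMES = {"www": 80}

def parse_addr(tok, i):
    """Read an address spec (any | ADDRESS WILDCARD) at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    # IOS wildcard mask -> netmask by inverting the bits (assumes a contiguous mask)
    netmask = ipaddress.ip_address(0xFFFFFFFF ^ int(ipaddress.ip_address(tok[i + 1])))
    return ipaddress.ip_network(f"{tok[i]}/{netmask}", strict=False), i + 2

def parse_ace(line):
    """Parse one extended ACE; only a destination 'eq PORT' and 'established' are handled."""
    tok = line.split()
    src, i = parse_addr(tok, 2)
    dst, i = parse_addr(tok, i)
    rest = tok[i:]
    port = rest[rest.index("eq") + 1] if "eq" in rest else None
    return {"action": tok[0], "proto": tok[1], "src": src, "dst": dst,
            "dport": int(PORT_NAMES.get(port, port)) if port else None,
            "established": "established" in rest}

def evaluate(acl, proto, src, dst, dport=None, ack=False):
    """First-match lookup as IOS does it; no matching ACE means the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in map(parse_ace, acl):
        if (ace["proto"] in ("ip", proto) and src in ace["src"] and dst in ace["dst"]
                and ace["dport"] in (None, dport) and (ack or not ace["established"])):
            return ace["action"]
    return "deny"

if __name__ == "__main__":
    # Constructed flows into VLAN 2: a reply to a fetch the server started, and an ICMP echo to it.
    for name, acl in (("draft", DRAFT_ACL), ("with established", WITH_ESTABLISHED)):
        print(name, "HTTP reply to server:", evaluate(acl, "tcp", "203.0.113.80", "172.28.2.10", 51000, ack=True))
        print(name, "ICMP echo to server:", evaluate(acl, "icmp", "198.51.100.7", "172.28.2.10"))
```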
