Hi guys,
My server farm is connected to a 6500 switch; VLAN 2 (172.28.2.0/24) was assigned to it.
Now I am working on an ACL to protect those servers. The requirement from the server owner is to allow certain TCP ports (he provided some TCP port numbers).
I have created a draft ACL as below and am thinking of applying it to the SVI in the outbound direction.
I need your help with some good ideas to make this ACL better for the situation.
----------------------------------------------------------------------------------------------
ip access-list extended protect_vlan2
 remark TCP services requested by the server owner, from anywhere to the server VLAN
 permit tcp any 172.28.2.0 0.0.0.255 eq www
 permit tcp any 172.28.2.0 0.0.0.255 eq 443
 permit tcp any 172.28.2.0 0.0.0.255 eq 554
 permit tcp any 172.28.2.0 0.0.0.255 eq 3389
 permit tcp any 172.28.2.0 0.0.0.255 eq 8080
 remark block all other TCP and UDP towards the servers
 deny tcp any 172.28.2.0 0.0.0.255
 deny udp any 172.28.2.0 0.0.0.255
 remark everything that is not TCP or UDP (ICMP and other IP protocols) is still permitted
 permit ip any 172.28.2.0 0.0.0.255
!
interface vlan 2
 ip access-group protect_vlan2 out
-----------------------------------------------------------------------------------------------
Regards,
ZX
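Added example, not part of the original post: a small first-match simulator for Cisco IOS extended ACL syntax that evaluates a few constructed packets against the draft above and against an alternative ACL written here for review. The alternative is an assumption, not the poster's configuration: it keeps the five requested services, adds `established` so that replies to connections the servers open themselves are not dropped, admits DNS answers only from an assumed resolver at 172.28.1.53 (UDP has no `established`, so the source port is matched instead), allows ICMP, and ends with an explicit logged deny instead of `permit ip`. The client and server addresses in the packets are also constructed. Note that `established` only tests the ACK/RST flags and is not stateful inspection; a reflexive ACL or a real firewall is the stronger option.

```python
"""Added example: first-match simulator for IOS extended ACLs (not Cisco code)."""
import ipaddress
from dataclasses import dataclass

PORT_NAMES = {"www": 80, "domain": 53, "ssh": 22, "smtp": 25, "ftp": 21}  # IOS keywords (subset)

# The draft exactly as posted; the 'ip access-list' header is skipped by the parser.
DRAFT = """
ip access-list extended protect_vlan2
permit tcp any 172.28.2.0 0.0.0.255 eq www
permit tcp any 172.28.2.0 0.0.0.255 eq 443
permit tcp any 172.28.2.0 0.0.0.255 eq 554
permit tcp any 172.28.2.0 0.0.0.255 eq 3389
permit tcp any 172.28.2.0 0.0.0.255 eq 8080
deny tcp any 172.28.2.0 0.0.0.255
deny udp any 172.28.2.0 0.0.0.255
permit ip any 172.28.2.0 0.0.0.255
"""

# Alternative for review (assumption): resolver 172.28.1.53 is a constructed address.
HARDENED = """
ip access-list extended protect_vlan2
remark services requested by the server owner
permit tcp any 172.28.2.0 0.0.0.255 eq www
permit tcp any 172.28.2.0 0.0.0.255 eq 443
permit tcp any 172.28.2.0 0.0.0.255 eq 554
permit tcp any 172.28.2.0 0.0.0.255 eq 3389
permit tcp any 172.28.2.0 0.0.0.255 eq 8080
remark replies to TCP sessions the servers initiate (ACK/RST set; not stateful)
permit tcp any 172.28.2.0 0.0.0.255 established
remark UDP has no 'established'; admit DNS answers from the resolver only
permit udp host 172.28.1.53 eq 53 172.28.2.0 0.0.0.255
permit icmp any 172.28.2.0 0.0.0.255
deny ip any any log
"""

@dataclass
class Packet:
    proto: str            # "tcp", "udp", "icmp", "gre", ...
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    syn_only: bool = False  # True for the first segment of a TCP handshake

def _parse_addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (match_fn, remaining tokens)."""
    if tokens[0] == "any":
        return (lambda ip: True), tokens[1:]
    if tokens[0] == "host":
        h = ipaddress.ip_address(tokens[1])
        return (lambda ip: ipaddress.ip_address(ip) == h), tokens[2:]
    base = int(ipaddress.ip_address(tokens[0]))
    mask = (~int(ipaddress.ip_address(tokens[1]))) & 0xFFFFFFFF  # wildcard -> netmask
    return (lambda ip: int(ipaddress.ip_address(ip)) & mask == base & mask), tokens[2:]

def _parse_port(tokens):
    """Consume an optional 'eq PORT'; return (port or None, remaining tokens)."""
    if tokens and tokens[0] == "eq":
        return (PORT_NAMES.get(tokens[1]) or int(tokens[1])), tokens[2:]
    return None, tokens

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or tok[0] in ("ip", "remark", "!"):
            continue
        action, proto, rest = tok[0], tok[1], tok[2:]
        src, rest = _parse_addr(rest)
        sport, rest = _parse_port(rest)
        dst, rest = _parse_addr(rest)
        dport, rest = _parse_port(rest)
        rules.append((action, proto, src, sport, dst, dport, "established" in rest, line.strip()))
    return rules

def evaluate(rules, pkt):
    """First matching entry wins; unmatched traffic hits the implicit deny, as on IOS."""
    for action, proto, src, sport, dst, dport, est, text in rules:
        if proto != "ip" and proto != pkt.proto:
            continue
        if not (src(pkt.src) and dst(pkt.dst)):
            continue
        if (sport is not None and sport != pkt.sport) or (dport is not None and dport != pkt.dport):
            continue
        if est and (pkt.proto != "tcp" or pkt.syn_only):
            continue
        return action, text
    return "deny", "implicit deny"

# Constructed traffic towards a server at 172.28.2.10 (all addresses are made up).
PACKETS = {
    "client https":                   Packet("tcp", "198.51.100.7", "172.28.2.10", 50000, 443, syn_only=True),
    "reply to server-initiated tcp":  Packet("tcp", "203.0.113.20", "172.28.2.10", 443, 51000),
    "dns answer":                     Packet("udp", "172.28.1.53", "172.28.2.10", 53, 40000),
    "gre tunnel":                     Packet("gre", "203.0.113.99", "172.28.2.10"),
    "icmp echo":                      Packet("icmp", "198.51.100.7", "172.28.2.10"),
}

def compare(packets=PACKETS):
    """Return {name: (draft verdict, alternative verdict)} for each packet."""
    draft, hard = parse_acl(DRAFT), parse_acl(HARDENED)
    return {n: (evaluate(draft, p)[0], evaluate(hard, p)[0]) for n, p in packets.items()}

if __name__ == "__main__":
    for name, (d, h) in compare().items():
        print(f"{name:32} draft={d:6} alternative={h}")
```

Running it shows the two effects worth raising about the draft: replies to TCP sessions that the servers themselves open (patching, LDAP, database calls) and DNS answers are dropped by the `deny tcp` / `deny udp` lines, while the trailing `permit ip` lets every non-TCP/UDP protocol (GRE here, but equally ESP or OSPF) reach the servers.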