Cisco 6513 ACL deny all except www

mk0248
Level 1

Trying to set an ACL for a vlan to deny all ports except www in and out. Any suggestions how I can set this up?

5 Replies

will2320
Level 1

If you set up many VLANs, you should use a VACL for your question. It's the same as a normal ACL, just more flexible for VLANs.

First, just define which networks you're going to enable, then make a named ACL.

If you have VLANs 12-16...

Router(config)# ip access-list extended www
Router(config-ext-nacl)# permit tcp 10.10.10.0 0.0.0.255 eq www any
Router(config)# vlan access-map www 10
Router(config-access-map)# match ip address www
Router(config-access-map)# action forward
Router(config-access-map)# exit
Router(config)# vlan filter www vlan-list 12-16

And you don't need to define a deny command, due to the default drop action of the VACL.
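What the ACL in the reply above matches, as an added example that is not part of the original post or any Cisco code: a simplified Python model of permit-entry matching with the default drop, run over constructed sample packets. `BOTH_WAYS` is a hypothetical variant, and every address outside 10.10.10.0/24 is made up for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"  # stands in for the ACL keyword "any"

@dataclass(frozen=True)
class Ace:
    """Simplified 'permit tcp <src> [eq p] <dst> [eq p]' entry."""
    src: str
    dst: str
    src_port: Optional[int] = None  # None = no port condition
    dst_port: Optional[int] = None

    def matches(self, pkt):
        sip, sport, dip, dport = pkt
        return (ipaddress.ip_address(sip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dip) in ipaddress.ip_network(self.dst)
                and self.src_port in (None, sport)
                and self.dst_port in (None, dport))

def vacl_action(aces, pkt):
    """Forward on the first matching permit; otherwise the default drop."""
    return "forward" if any(a.matches(pkt) for a in aces) else "drop"

# ACL as posted: permit tcp 10.10.10.0 0.0.0.255 eq www any
POSTED = [Ace("10.10.10.0/24", ANY, src_port=80)]
# Hypothetical variant (assumption, not from the thread): web in both directions
BOTH_WAYS = [Ace(ANY, ANY, dst_port=80), Ace(ANY, ANY, src_port=80)]

# Constructed TCP packets: (src_ip, src_port, dst_ip, dst_port)
SAMPLES = {
    "client request out": ("10.10.10.25", 49152, "192.0.2.10", 80),
    "reply to that client": ("192.0.2.10", 80, "10.10.10.25", 49152),
    "request to local server": ("192.0.2.77", 50000, "10.10.10.5", 80),
    "reply from local server": ("10.10.10.5", 80, "192.0.2.77", 50000),
    "ssh out": ("10.10.10.25", 49153, "192.0.2.10", 22),
}

def evaluate(aces):
    """Map each sample packet name to 'forward' or 'drop'."""
    return {name: vacl_action(aces, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, aces in (("posted", POSTED), ("both ways", BOTH_WAYS)):
        print(label, evaluate(aces))
```

Because the filter is stateless, the source-port entry in `BOTH_WAYS` forwards any TCP packet sent from port 80, not only replies to an earlier request.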

Will, the commands would not work on 6513 CatOS version 7.6.6. It would have to be security ACL commands. I might have to conf a port in our 3500xl switch to make this work.

Thanks

Sorry, I did not know it has CatOS. I thought IOS.

No problem. I should have explained myself in detail. Thanks for your input.

Have you got an MSFC or RSM on your switch?

Rgds

Paddy
