11-18-2004 05:34 PM - edited 03-02-2019 08:03 PM
Hi,
I'd like to create one VLAN and allow only TCP port 80. I am running layer three switches. We have multiple VLANs running within the network. My question is: do I just apply an access list on the layer three VLAN interface inbound, or both in and out? Thanks in advance.
11-18-2004 07:45 PM
That should be all you need on your L3 switch. Whether you apply it both in or out is really up to you and how you want it to affect your traffic; if you want only port 80 in and out, then apply it in and out.
11-18-2004 08:43 PM
Thanks. How about the packets that are switched and not routed? Does the access list apply to them too?
Thanks
11-19-2004 12:13 AM
Hi,
You can apply ACLs to L2 interfaces and even VLANs.
But there are pretty complicated rules and limitations on 3550s.
See http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225se/3550scg/swacl.htm#wp1046692
for details.
Regards,
Milan
11-19-2004 07:44 AM
We have more than one VLAN. I'd like to use an extended access list on that particular VLAN. I'd like to allow DHCP requests and port 80 only. Which is best, a VLAN map or an extended access list? So anyone who is on that VLAN will have internet access only. Thanks
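The two options raised in this thread, side by side, as an added example that is not from any of the posters: a router ACL on the SVI, which filters only routed packets, and a VLAN map, which also filters packets bridged within the VLAN. VLAN 50 and the ACL and map names are assumptions; the 3550 limitations in the linked guide still apply.

```cisco
! --- Option 1: router ACL on the SVI (routed traffic only) ---
! Hypothetical VLAN 50. Hosts in VLAN 50 can still reach each other
! on any port, because bridged frames never hit the SVI.
ip access-list extended VLAN50-IN
 permit udp any eq bootpc any eq bootps
 permit tcp any any eq www
 ! implicit "deny ip any any" ends the list
!
interface Vlan50
 ip access-group VLAN50-IN in
!
! --- Option 2: VLAN map (bridged and routed traffic) ---
! A VLAN map has no direction and is stateless, so the ACL it
! references must match replies as well as requests.
ip access-list extended VLAN50-WEB-DHCP
 permit udp any eq bootpc any eq bootps
 permit udp any eq bootps any eq bootpc
 permit tcp any any eq www
 permit tcp any eq www any
!
vlan access-map VLAN50-MAP 10
 match ip address VLAN50-WEB-DHCP
 action forward
! No catch-all "action drop" entry: an entry without a match clause
! would also drop non-IP frames such as ARP. IP packets that match
! no entry are dropped by default because the map contains an IP
! match clause; non-IP frames are forwarded.
!
vlan filter VLAN50-MAP vlan-list 50
```

After applying either option, `show access-lists` and `show vlan filter` confirm what is bound where.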