11-18-2004 05:34 PM - edited 03-02-2019 08:03 PM
Hi,
I'd like to create one VLAN and allow only TCP port 80. I am running layer three switches. We have multiple VLANs running within the network. My question is: do I just apply an access list on the layer three VLAN interface inbound, or both in and out? Thanks in advance.
11-18-2004 07:45 PM
That should be all you need on your L3 switch. Whether you apply it both in or out is really up to you and how you want it to affect your traffic; if you want only port 80 in and out, then apply it in and out.
11-18-2004 08:43 PM
Thanks. How about the packets that are switched and not routed? Does the access list apply to them too?
Thanks
11-19-2004 12:13 AM
Hi,
you can apply ACLs to L2 interfaces and even VLANs.
But there are pretty complicated rules and limitations on 3550s.
See http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225se/3550scg/swacl.htm#wp1046692
for details.
Regards,
Milan
11-19-2004 07:44 AM
We have more than one VLAN. I'd like to use an extended access list on that particular VLAN. I'd like to allow DHCP requests and port 80 only. Which is best, a VLAN map or an extended access list? That way anyone who is on that VLAN will have internet access only. Thanks