
3750-X Port ACL

onepingonly
Level 1

I have a 3750-X and I am trying to apply a port ACL to protect a server.

Port 17 has a server plugged into it that I am trying to protect and allow only two hosts to communicate with it. So I do the following:

access-list 17 permit xxx.xxx.xxx.1
access-list 17 permit xxx.xxx.xxx.2

interface Gi1/0/17
 ip access-group 17 in

This kills all communication with the server from any host. What am I doing wrong here?

Thanks

3 Replies

lgijssel
Level 9

Access-list 17 is a standard ACL. It matches on source addresses.

Because it is applied to the port where the server is on, traffic is matched in the wrong direction.

You should change it to an extended acl (i.e. 117) and match source and destinations as desired.

regards,

Leo
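The configuration below is an added example, not code from the original post or from either reply; it works through Leo's suggestion of an extended ACL. On a Layer 2 port the "in" direction is traffic the switch receives from the attached device, so an ACL applied inbound on Gi1/0/17 only ever sees the server's own address as the source, and the poster's standard ACL (which permits hosts .1 and .2 as sources) falls through to the implicit deny for every packet. The fix is to match the two peers as destinations. The server address xxx.xxx.xxx.17 and the access VLAN number 17 are assumed placeholders, like the xxx.xxx.xxx.1/.2 hosts in the question.

```cisco
! --- Part 1: port ACL, inbound on the server's port ---
! "in" on Gi1/0/17 = frames entering the switch FROM the server, so the
! source is the server and the two allowed peers are the destinations.
! (xxx.xxx.xxx.17 is an assumed server address for this example.)
ip access-list extended SERVER-GI17-IN
 remark server may talk only to the two permitted hosts
 permit ip host xxx.xxx.xxx.17 host xxx.xxx.xxx.1
 permit ip host xxx.xxx.xxx.17 host xxx.xxx.xxx.2
 remark everything else the server sends is dropped (explicit for clarity)
 deny   ip any any
!
interface GigabitEthernet1/0/17
 description protected server
 ip access-group SERVER-GI17-IN in
!
! --- Part 2: VLAN map, filters traffic TOWARD the server from every port ---
! The port ACL above only stops what the server sends back; packets from
! other hosts still reach the server through their own ingress ports. A VLAN
! map on the server's VLAN (VLAN 17 assumed here) drops them on the way in.
! Match ACLs for VLAN maps should contain only permit entries.
ip access-list extended TO-SERVER-FROM-ALLOWED
 permit ip host xxx.xxx.xxx.1 host xxx.xxx.xxx.17
 permit ip host xxx.xxx.xxx.2 host xxx.xxx.xxx.17
ip access-list extended TO-SERVER-ANY
 permit ip any host xxx.xxx.xxx.17
!
vlan access-map PROTECT-SERVER 10
 match ip address TO-SERVER-FROM-ALLOWED
 action forward
vlan access-map PROTECT-SERVER 20
 match ip address TO-SERVER-ANY
 action drop
! A VLAN map drops anything that matches no clause, so forward the rest.
vlan access-map PROTECT-SERVER 30
 action forward
!
vlan filter PROTECT-SERVER vlan-list 17
!
! Verify what was applied:
! show running-config interface GigabitEthernet1/0/17
! show ip access-lists SERVER-GI17-IN
! show vlan access-map PROTECT-SERVER
! show vlan filter
```

Part 1 alone is enough to break TCP sessions from unauthorised hosts, because the server's SYN-ACKs are dropped at its own port, but one-way traffic (UDP, a SYN flood, a crafted single packet) still reaches the server. Part 2 closes that gap because the VLAN map is evaluated for traffic entering the VLAN regardless of which port it arrives on. Apply the VLAN map with care: the same ACL sequence also governs the two permitted hosts' traffic to other destinations, which the final forward-all clause preserves.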

tstamatopoulos
Level 1

change the direction,

ip access-group 17 out

Ganesh Hariharan
VIP Alumni


Hi,

check out the below link for configuring port based acl in switches

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vacl.pdf

If you apply an ACL in the 'out' direction, the source can be anything while the destination can be 'any' or a specific host.

If you apply an ACL in the 'in' direction, the source must be within the VLAN subnet while the destination can be anything.

So apply the ACL in the out direction with an extended ACL.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post
