
Block all ports except some

Franfm
Level 1

Hello, I have an ACL in VLAN 120 like this:


permit tcp 172.18.120.0 0.0.0.255 host 192.168.0.34 eq smtp pop3 143 465 587 993
permit ip any any

 

Is there any way to block all ports except those (smtp etc...)?

 

3 Replies

Hello,

 

Not really sure what you are after, but the ACL has an implicit deny at the end. If you take out the last line, only the ports in the first line are allowed:

 

permit tcp 172.18.120.0 0.0.0.255 host 192.168.0.34 eq smtp pop3 143 465 587 993
--> no permit ip any any

Sorry, I'm going to explain better: I have a VLAN 120, with IP 172.18.120.0, and want to have a connection with mail server 192.168.0.34 with only those protocols (smtp pop3 143 465 587 993) and make sure other protocols are not working...

 

Also, I placed the ACL in VLAN 120 like this: ip access-group ACL in

Hello,

 

Thanks for the explanation.

 

Just this one line should accomplish what you want to do:

 

permit tcp 172.18.120.0 0.0.0.255 host 192.168.0.34 eq smtp pop3 143 465 587 993
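
Added example, not part of the thread or of any reply: a small Python model of first-match ACL evaluation with the implicit deny, run against constructed sample packets. The `scoped_deny` variant, the sample host 172.18.120.10, the destination 10.0.0.5 and port 3389 are assumptions, included to show that the single-line ACL applied inbound on VLAN 120 also drops traffic from that VLAN to every other destination.

```python
from ipaddress import ip_address, ip_network

MAIL = "192.168.0.34"
VLAN120 = "172.18.120.0/24"                  # 172.18.120.0 0.0.0.255 as a prefix
MAIL_PORTS = {25, 110, 143, 465, 587, 993}   # smtp = 25, pop3 = 110

# Each entry: (action, protocol, source net, destination net, dst ports or None)
MAIL_PERMIT = ("permit", "tcp", VLAN120, MAIL + "/32", MAIL_PORTS)
PERMIT_ANY = ("permit", "ip", "0.0.0.0/0", "0.0.0.0/0", None)
# Assumption (not in the thread): deny ip 172.18.120.0 0.0.0.255 host 192.168.0.34
DENY_REST_TO_MAIL = ("deny", "ip", VLAN120, MAIL + "/32", None)

ACLS = {
    "original": [MAIL_PERMIT, PERMIT_ANY],        # ACL from the question
    "single_line": [MAIL_PERMIT],                 # ACL from the replies
    "scoped_deny": [MAIL_PERMIT, DENY_REST_TO_MAIL, PERMIT_ANY],
}

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, a_proto, a_src, a_dst, ports in acl:
        if a_proto != "ip" and a_proto != proto:
            continue
        if ip_address(src) not in ip_network(a_src):
            continue
        if ip_address(dst) not in ip_network(a_dst):
            continue
        if ports is not None and dport not in ports:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL

# Constructed sample packets from a host in VLAN 120
PACKETS = {
    "smtp_to_mail": ("tcp", "172.18.120.10", MAIL, 25),
    "other_port_to_mail": ("tcp", "172.18.120.10", MAIL, 3389),
    "https_elsewhere": ("tcp", "172.18.120.10", "10.0.0.5", 443),
}

def results(name):
    """Evaluate every sample packet against the named ACL variant."""
    return {p: evaluate(ACLS[name], *pkt) for p, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name in ACLS:
        print(name, results(name))
```
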
