Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
474
Views
0
Helpful
3
Replies

Block all ports except some

Franfm
Level 1
Level 1

‎02-16-2022 02:11 AM

Hello, i have an acl in vlan 120 like this:


permit tcp 172.18.120.0 0.0.0.255 host 192.168.0.34 eq smtp pop3 143 465 587 993
permit ip any any

 

is there any way to block all ports except those (smtp etc...)?

 

Labels:
0 Helpful
3 Replies 3

Georg Pauwen
VIP
VIP

‎02-16-2022 02:50 AM

Hello,

 

not really sure what you are after, but the ACL has an implicit deny at the end. If you take out the last line, only the ports in the first line are allowed:

 

permit tcp 172.18.120.0 0.0.0.255 host 192.168.0.34 eq smtp pop3 143 465 587 993
--> no permit ip any any

0 Helpful

Franfm
Level 1
Level 1
In response to Georg Pauwen

‎02-16-2022 03:20 AM

Sorry, im gonna explain better: i have a VLAN 120, with ip 172.18.120.0 and want to have conection with mail server 192.168.0.34 with only those protocols (smtp pop3 143 465 587 993)  and make sure others protocols are not working...

 

Also i placed the acl in vlan 120 like this: ip acces-group ACL in

0 Helpful

Georg Pauwen
VIP
VIP
In response to Franfm

‎02-16-2022 04:30 AM

Hello,

 

thanks for the explanation.

 

Just this one line should accomplish what you want to do:

 

permit tcp 172.18.120.0 0.0.0.255 host 192.168.0.34 eq smtp pop3 143 465 587 993

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card