02-16-2022 02:11 AM
Hello, I have an ACL in VLAN 120 like this:
permit tcp 172.18.120.0 0.0.0.255 host 192.168.0.34 eq smtp pop3 143 465 587 993
permit ip any any
Is there any way to block all ports except those (smtp etc...)?
02-16-2022 02:50 AM
Hello,
Not really sure what you are after, but the ACL has an implicit deny at the end. If you take out the last line, only the ports in the first line are allowed:
permit tcp 172.18.120.0 0.0.0.255 host 192.168.0.34 eq smtp pop3 143 465 587 993
--> no permit ip any any
02-16-2022 03:20 AM
Sorry, I'm gonna explain better: I have a VLAN 120 with IP 172.18.120.0 and want to have a connection with mail server 192.168.0.34 with only those protocols (smtp pop3 143 465 587 993) and make sure other protocols are not working...
Also, I placed the ACL in VLAN 120 like this: ip access-group ACL in
02-16-2022 04:30 AM
Hello,
Thanks for the explanation.
Just this one line should accomplish what you want to do:
permit tcp 172.18.120.0 0.0.0.255 host 192.168.0.34 eq smtp pop3 143 465 587 993
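Added example, not part of the thread: a small first-match evaluator that runs constructed packets through the ACL as posted, the one-line ACL from the answers, and a third variant that blocks only the remaining traffic to the mail server. The third variant is an assumption about one possible intent; all names in the code are hypothetical, and `smtp`/`pop3` are written as ports 25 and 110.

```python
import ipaddress

MAIL_PORTS = {25, 110, 143, 465, 587, 993}  # smtp, pop3 and the numeric ports from the thread
VLAN120 = ipaddress.ip_network("172.18.120.0/24")
MAIL = ipaddress.ip_network("192.168.0.34/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Each ACE: (action, protocol, source net, destination net, destination ports or None for any)
MAIL_ACE = ("permit", "tcp", VLAN120, MAIL, MAIL_PORTS)
PERMIT_ANY = ("permit", "ip", ANY, ANY, None)
DENY_REST_TO_MAIL = ("deny", "ip", VLAN120, MAIL, None)

ACLS = {
    "as_posted": [MAIL_ACE, PERMIT_ANY],          # original question
    "one_line": [MAIL_ACE],                       # suggested in the answers
    "mail_only_restricted": [MAIL_ACE, DENY_REST_TO_MAIL, PERMIT_ANY],  # assumption
}

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching ACE, or the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, ace_proto, src_net, dst_net, ports in acl:
        if ace_proto not in ("ip", proto):
            continue
        if src not in src_net or dst not in dst_net:
            continue
        if ports is not None and dport not in ports:
            continue
        return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL

# Constructed sample packets entering the VLAN 120 interface
PACKETS = {
    "imaps to mail": ("tcp", "172.18.120.10", "192.168.0.34", 993),
    "rdp to mail": ("tcp", "172.18.120.10", "192.168.0.34", 3389),
    "https elsewhere": ("tcp", "172.18.120.10", "192.168.0.50", 443),
}

def verdicts(acl_name):
    """Map each sample packet to the action the named ACL takes on it."""
    return {name: evaluate(ACLS[acl_name], *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name in ACLS:
        print(name, verdicts(name))
```

With the one-line ACL applied inbound, the implicit deny also drops VLAN 120 traffic to every destination other than the mail server, which the "https elsewhere" packet makes visible.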