ACL problems on an SG-300 20

VWDerf1234
Level 1

Hi,

I'm setting up an SG-300 and would like to block some traffic with ACLs. While I'm new to Cisco products, I was able to easily set up an IP-based ACL to restrict certain IPs from accessing specific ports, but my problem is with applying these ACLs to specific protocols. When I add them the protocols are blocked effectively, but I can't seem to allow any traffic to return on a different port. I can't seem to figure out how to apply the ACL to traffic in one direction and allow other ports to send the data back on other ports (i.e. with FTP). Services using those ports seem to hang. I've even put the switch into Layer 3 mode to see if that would change things, with no luck.

Below is a snippet of my ACL:

ip access-list extended "Webserver port restrictions"
permit icmp any any any any
permit tcp any 20-22 any any
exit

How can I modify this to allow incoming traffic on port 20 to be returned on other ports, but still block those other ports from incoming traffic?

Thanks,
