Solved: 3750 ip filtering - Page 2

gasparmenendez · ‎02-10-2017

Hi folks, I need to filter some ip addresses in a specific port of my Cisco 3750 Switch and want to see if that's possible. The scenario is as follow:

I have a bunch of channels coming from an AGB equipment and entering to the 3750 through interface gig 1/0/1 configured as access to vlan69. When I set int gig 1/0/2 to access vlan 69 and connect my laptop to that interface I can watch all channels with VLC. So far so good. Now, what I need is that in interface gig 1/0/2 be only some channels, not the whole bunch, is that possible??? I was thinking in an access list permiting only the channels I need and then ip access-group ACCESSLIST out, would that work???

Thanks in advance. BR

Julio E. Moisa · ‎02-15-2017

I would like to know what kind of device is connected to the switch on that interface. or do you have a topology?

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

gasparmenendez · ‎02-15-2017

thank you for helping me!!!

Topology attached...

Julio E. Moisa · ‎02-15-2017

Thank you,

Are you using any kind of traffic between the Cisco 3750 and the Arris device?

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

gasparmenendez · ‎02-15-2017

nop...

Julio E. Moisa · ‎02-15-2017

Apologies, the question is if you are using any kind of routing protocol or How are you passing the traffic from that device, any IP over the vlan 69 on the Arris devices?

My mistake, sorry.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

gasparmenendez · ‎02-15-2017

I don' t know that part since I didn't configure the Arris....I would need to check. Let me see if I can gain access to the Arris and get back to you.

Thanks a lot!!!

Julio E. Moisa · ‎02-15-2017

You are welcome, Yes I would like to know if the interface on the Arris devices is configured as trunk or it has an IP address.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

gasparmenendez · ‎02-15-2017

it's pretty basic:

SWTelevision2#show running-config
Building configuration...

Current configuration : 4407 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SWTelevision2
!
boot-start-marker
boot-end-marker
!
enable password 7 130F3013200A07792F
!
username X privilege 15 password 7 1430172C0921262E01302727234257
username X privilege 15 password 7 0025170B0D552C2123701C
username X privilege 15 password 7 151552540B39291C3B
!
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
aaa session-id common
switch 1 provision ws-c3750g-12s
system mtu routing 1500
ip domain-name somosggl.com
!
!
!
!
crypto pki trustpoint TP-self-signed-3365383040
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3365383040
revocation-check none
rsakeypair TP-self-signed-3365383040
!
!
crypto pki certificate chain TP-self-signed-3365383040
certificate self-signed 01
30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33333635 33383330 3430301E 170D3933 30333031 30303233
32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33363533
38333034 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CE60 488716DB 3FE16A0A D0A9A39E A68909BD 3711093C DAAB5B7D EAAF2A4A
6E02C821 2C81862F E3A4AE90 266979D5 059CA052 874B49D7 7258B855 EA365276
CC183058 C3ED6CE6 495FDA97 491BCEA1 CB5CCC22 8090D39B AB879717 DA4E0535
CA1C1050 19484697 C762CA26 DBE9A40C 38DE43A5 579C6032 BA998BCE D60A7348
5B970203 010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603
551D1104 1E301C82 1A535754 656C6576 6973696F 6E322E73 6F6D6F73 67676C2E
636F6D30 1F060355 1D230418 30168014 E9C0CBEC 7854D932 3359AD47 9B1E90D2
4911B253 301D0603 551D0E04 160414E9 C0CBEC78 54D93233 59AD479B 1E90D249
11B25330 0D06092A 864886F7 0D010104 05000381 81002997 E3AF00F8 8ACD4BA2
A3F74E70 A0EF8D5E 964E910A D77ABD66 74B0FEB4 19E2BB41 F433B854 0F79E070
B4D8EE0D 2AC73049 C64F08FA 28E82E0E 77E7CEF9 CB7A3A2D 475299C4 77A9064C
C767604A 1E0AEF9C FEF211AF C5A3D843 19FCC9B0 D4D36D21 19189B15 8A1EE06B
34CA7FB4 0BEAB873 A15AB9B8 73DFA151 041252F2 EEA8
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 69
switchport mode trunk
ip access-group AGUERRERO-EXT in
!
interface GigabitEthernet1/0/2
description *** A Guerrero ***
switchport access vlan 69
switchport mode access
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
switchport access vlan 69
!
interface GigabitEthernet1/0/12
switchport access vlan 230
switchport mode access
!
interface Vlan1
no ip address
!
interface Vlan69
description ***** Canales TV *****
no ip address
!
interface Vlan230
description ** Management **
ip address 192.168.20.225 255.255.255.0
no ip route-cache
no ip mroute-cache
!
ip default-gateway 192.168.20.254
ip classless
ip http server
ip http secure-server
!
ip access-list standard AGUERRERO
permit 239.1.1.49
permit 239.1.1.25
deny   any
ip access-list standard ELCACTI
permit 192.168.0.2
deny   any
!
ip access-list extended AGUERRERO-EXT
permit ip host 239.1.1.49 any
permit ip host 239.1.1.25 any
deny   ip any any
!
logging 192.168.0.3
snmp-server community sw2960 RO ELCACTI
snmp-server contact control X
!
banner login ^C
*************************************************************
********************************************************
**************************************************
Acceso restringido, solo personal
                    Autorizado
**************************************************
*********************************************************
***************************************************************^C
!
line con 0
password 7 0501210E0A4A4D5A1D
logging synchronous
line vty 0 4
password 7 020C235A20000C7248
logging synchronous
transport input all
line vty 5 15
!
end

Julio E. Moisa · ‎02-15-2017

Thank you, mmm are you connecting other switch on the interface G1/0/1, or a router?

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

gasparmenendez · ‎02-15-2017

another Switch 3750...

I'll send you the topology in a moment

Julio E. Moisa · ‎02-15-2017

Thank you :-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<