ACL configuration issue
07-29-2015 12:07 PM - edited 03-08-2019 01:10 AM
Hi,
I have a Cisco Catalyst 3560 switch.
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 52 WS-C3560G-48TS 12.2(25)SEB4 C3560-IPSERVICESK9-M
I connected my device under test (DUT) to one of the gig ports on the switch. I wanted to do the following:
From the switch to the DUT, allow only the following TCP/UDP ports and discard all other TCP/UDP ports.
TCP – 6021, 5168, 80, 23, 20, 21, 69, 123
UDP – 2065, 161,5050,999, 123, 69, 20, 21, 123
From the DUT to the switch, allow all TCP/UDP ports.
I have configured the following ACL on the gig port to which my DUT is connected. The ACL is permitting only the specified TCP/UDP ports towards ingress to my device under test, but the issue is that from the DUT to the switch all TCP/UDP ports are denied.
access-list 100 permit tcp any any eq 6021
access-list 100 permit tcp any any eq 5168
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq telnet
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq ftp-data
access-list 100 permit tcp any any eq 69
access-list 100 permit tcp any any eq 123
access-list 100 permit udp any any eq 2065
access-list 100 permit udp any any eq snmp
access-list 100 permit udp any any eq 5050
access-list 100 permit udp any any eq 999
access-list 100 permit udp any any eq ntp
access-list 100 permit udp any any eq tftp
access-list 100 permit udp any any eq 20
access-list 100 permit udp any any eq 21
access-list 100 deny tcp any any
access-list 100 deny udp any any
access-list 100 deny ip 224.0.0.0 15.255.255.255 any log-input
access-list 100 permit ip any any
Is there any way I can configure the ACL to permit the specified TCP/UDP ports mentioned above towards the device under test and discard all other packets, and vice versa from the DUT to the switch? Can you please help me in this regard?
Please find my network block diagram below.
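To see why the posted ACL behaves as described, here is an added example (not from the original post or from Cisco) that replays access-list 100 against a few constructed packets. It assumes standard Cisco extended-ACL semantics: entries are evaluated top to bottom and the first match wins, `any any eq N` matches the destination port only, and anything unmatched hits the implicit deny. The 10.0.0.1 (switch side) and 10.0.0.2 (DUT) addresses are constructed.

```python
import ipaddress

# Cisco well-known names used in the post, resolved to port numbers.
NAMED = {"www": 80, "telnet": 23, "ftp": 21, "ftp-data": 20,
         "snmp": 161, "ntp": 123, "tftp": 69}

# The ACEs from the post, in order (the "access-list 100" prefix dropped).
TCP = [6021, 5168, "www", "telnet", "ftp", "ftp-data", 69, 123]
UDP = [2065, "snmp", 5050, 999, "ntp", "tftp", 20, 21]
ACL_100 = ([f"permit tcp any any eq {p}" for p in TCP]
           + [f"permit udp any any eq {p}" for p in UDP]
           + ["deny tcp any any", "deny udp any any",
              "deny ip 224.0.0.0 15.255.255.255 any log-input",
              "permit ip any any"])

def _addr(toks):
    """Consume 'any' or 'A.B.C.D WILDCARD', then an optional 'eq PORT'."""
    if toks[0] == "any":
        net, toks = None, toks[1:]
    else:
        base = int(ipaddress.IPv4Address(toks[0]))
        # Wildcard 0-bits are the bits that must match.
        keep = ~int(ipaddress.IPv4Address(toks[1])) & 0xFFFFFFFF
        net, toks = (base & keep, keep), toks[2:]
    port = None
    if toks[:1] == ["eq"]:
        port, toks = NAMED.get(toks[1]) or int(toks[1]), toks[2:]
    return net, port, toks

def _in(net, ip):
    return net is None or (int(ipaddress.IPv4Address(ip)) & net[1]) == net[0]

def evaluate(acl, proto, src, sport, dst, dport):
    """First-match evaluation; returns (action, ACE). Trailing keywords such
    as log-input are ignored; an unmatched packet hits the implicit deny."""
    for ace in acl:
        action, aproto, *rest = ace.split()
        if aproto not in ("ip", proto):
            continue
        snet, sp, rest = _addr(rest)   # source address, optional source port
        dnet, dp, rest = _addr(rest)   # destination address, optional dest port
        if (_in(snet, src) and _in(dnet, dst)
                and sp in (None, sport) and dp in (None, dport)):
            return action, ace
    return "deny", "implicit deny ip any any"

if __name__ == "__main__":
    # Constructed addresses: 10.0.0.1 = switch side, 10.0.0.2 = DUT.
    print(evaluate(ACL_100, "tcp", "10.0.0.1", 40000, "10.0.0.2", 23))   # switch -> DUT telnet
    print(evaluate(ACL_100, "tcp", "10.0.0.2", 23, "10.0.0.1", 40000))   # the DUT's reply
    print(evaluate(ACL_100, "udp", "10.0.0.2", 55000, "10.0.0.1", 514))  # DUT -> unlisted port
```

The second and third packets show the symptom: a DUT reply carries the listed port as its source, and a DUT-originated flow carries an arbitrary destination port, so neither matches a `permit ... eq` line and both fall through to `deny tcp any any` / `deny udp any any`.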