ACL configuration issue

nareshkannas
Level 1

Hi,

I have a Cisco Catalyst 3560 switch.

Switch   Ports  Model              SW Version              SW Image
------   -----  -----              ----------              ----------
*    1   52     WS-C3560G-48TS     12.2(25)SEB4            C3560-IPSERVICESK9-M

I connected my device under test (DUT) to one of the gig ports on the switch. I wanted to do the following:

From the switch to the DUT, I wanted to allow only the following TCP/UDP ports and discard all other TCP/UDP ports:

TCP – 6021, 5168, 80, 23, 20, 21, 69, 123
UDP – 2065, 161, 5050, 999, 123, 69, 20, 21, 123

From the DUT to the switch, allow all TCP/UDP ports.

I have configured the following ACL on the gig port to which my DUT is connected. The ACL is permitting only the specified TCP/UDP ports on ingress towards my device under test, but the issue is that from the DUT to the switch, all TCP/UDP ports are denied.

access-list 100 permit tcp any any eq 6021
access-list 100 permit tcp any any eq 5168
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq telnet
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq ftp-data
access-list 100 permit tcp any any eq 69
access-list 100 permit tcp any any eq 123
access-list 100 permit udp any any eq 2065
access-list 100 permit udp any any eq snmp
access-list 100 permit udp any any eq 5050
access-list 100 permit udp any any eq 999
access-list 100 permit udp any any eq ntp
access-list 100 permit udp any any eq tftp
access-list 100 permit udp any any eq 20
access-list 100 permit udp any any eq 21
access-list 100 deny tcp any any
access-list 100 deny udp any any
access-list 100 deny ip 224.0.0.0 15.255.255.255 any log-input
access-list 100 permit ip any any

Is there any way I can configure the ACL to permit the specified TCP/UDP ports mentioned above towards the device under test and discard all other packets, and vice versa from the DUT to the switch? Can you please help me in this regard?

Please find my network block diagram below.
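As an added illustration (not part of the original post or the poster's configuration), the following first-match evaluator for a subset of the ACL above shows why one stateless list cannot serve both directions: IOS extended ACL entries written as `permit tcp any any eq N` match the destination port, so a DUT reply to an ephemeral client port hits the `deny tcp any any` line. The ACL subset, port keyword table, and packet values are constructed for this example.

```python
# Added illustration, not from the original post: first-match evaluation of
# a subset of the poster's extended ACL 100. IOS extended ACLs match the
# DESTINATION port and keep no connection state; hosts/ports are constructed.
import re

# IOS port keywords used in the post, mapped to numbers (assumed table).
PORT_NAMES = {"www": 80, "telnet": 23, "ftp": 21, "ftp-data": 20,
              "snmp": 161, "ntp": 123, "tftp": 69}

ACL_100 = """
access-list 100 permit tcp any any eq 6021
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq telnet
access-list 100 permit udp any any eq snmp
access-list 100 permit udp any any eq ntp
access-list 100 deny tcp any any
access-list 100 deny udp any any
access-list 100 permit ip any any
"""

RULE = re.compile(r"access-list 100 (permit|deny) (\w+) any any(?: eq (\S+))?$")

def parse_acl(text):
    """Return [(action, proto, dst_port_or_None)] in the order entered."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError("unsupported line: " + line)
        action, proto, port = m.groups()
        if port is not None:
            port = PORT_NAMES.get(port) or int(port)
        rules.append((action, proto, port))
    return rules

def evaluate(rules, proto, dst_port):
    """First matching entry wins, as on IOS."""
    for action, rproto, rport in rules:
        if rproto not in (proto, "ip"):
            continue
        if rport is None or rport == dst_port:
            return action
    return "deny"  # implicit deny at the end of every IOS ACL

def both_directions(rules, service_port, client_port=40123):
    """One TCP session: switch->DUT request, then DUT->switch reply."""
    to_dut = evaluate(rules, "tcp", service_port)   # dst = service port
    from_dut = evaluate(rules, "tcp", client_port)  # dst = ephemeral port
    return to_dut, from_dut
```

Calling `both_directions(parse_acl(ACL_100), 6021)` returns `('permit', 'deny')`: the request towards the DUT is allowed, the reply from the DUT is dropped by the same list.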
