Block a destination via switch

emadehsan
Level 1

Hi,

I have a Catalyst 2950 switch with the Enhanced Image.

My goal is to make only one destination (a specific host) available to my source address clients.

How can I use an access-list for this issue?

7 Replies

ankbhasi
Cisco Employee

Hi Friend,

You can configure an extended access list and apply it to the physical interfaces.

Check this link for more details:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swacl.htm#wp1092483

HTH

Ankur

I have this config on my switch, but it seems it doesn't work.

access-list 101 permit any 172.16.100.70 0.0.0.255

---

I also have the access-group command on the interface.

"172.16.100.70 is my target for clients"

Hi Friend,

What are the results? Are the clients able to reach everybody, I mean something other than the 172.16 network?

Regards,

Ankur

Hi,

ACLs applied to a physical interface have a limitation of one mask:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swacl.htm#wp1082773

HTH

Narayan

Try applying the statement below in the access list and apply it on the interface.

access-list 101 permit any host 172.16.100.70 log

Try to access this host from a few PCs and check your ACL to see if it is getting hit.

Do not use logging (the log keyword) in switch access-lists - all packets matching access-list rows with the log keyword must be sent to the CPU instead of being processed in hardware. This will significantly degrade the switch's performance.

//Mikhail Galiulin

Your ACL does not make sense.

access-list 101 permit any 172.16.100.70 0.0.0.255

You are defining a host address, but a /24 mask...

It should be access-list 101 permit any host 172.16.100.70

Jens
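
An added example, not part of any post in this thread: a small Python model of IOS wildcard-mask matching that shows which destinations the entry as posted (172.16.100.70 0.0.0.255) covers, compared with the host form suggested above. It models only the destination match and the implicit deny at the end of an ACL; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_dest(spec):
    """Return (base, wildcard) for 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z'."""
    parts = spec.split()
    if parts == ["any"]:
        return 0, 0xFFFFFFFF
    if len(parts) == 2 and parts[0] == "host":
        return _to_int(parts[1]), 0
    if len(parts) == 2:
        return _to_int(parts[0]), _to_int(parts[1])
    raise ValueError(f"unsupported destination spec: {spec!r}")

def dest_matches(spec, addr):
    base, wildcard = parse_dest(spec)
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 = ignore, 0 = must match
    return (_to_int(addr) & care) == (base & care)

def acl_permits(permit_specs, addr):
    """Permit entries only; anything unmatched falls to the implicit deny."""
    return any(dest_matches(spec, addr) for spec in permit_specs)

def matched_count(spec):
    """Number of addresses a destination spec covers (2 ** ignored bits)."""
    _, wildcard = parse_dest(spec)
    return 1 << bin(wildcard).count("1")

AS_POSTED = ["172.16.100.70 0.0.0.255"]   # destination part of the ACL as posted
CORRECTED = ["host 172.16.100.70"]        # destination part of the suggested fix
SAMPLES = ["172.16.100.70", "172.16.100.1", "172.16.100.254",
           "172.16.101.70", "10.0.0.5"]   # constructed test destinations

def compare():
    """Map each sample to (permitted as posted, permitted after the fix)."""
    return {a: (acl_permits(AS_POSTED, a), acl_permits(CORRECTED, a))
            for a in SAMPLES}

if __name__ == "__main__":
    print(f"{'destination':<16}{'as posted':<12}{'host form'}")
    for addr, (posted, fixed) in compare().items():
        print(f"{addr:<16}{'permit' if posted else 'deny':<12}"
              f"{'permit' if fixed else 'deny'}")
    print("addresses covered:", matched_count(AS_POSTED[0]),
          "vs", matched_count(CORRECTED[0]))
```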