block ports

Ed Lo · ‎11-02-2017

Hello,

I want to block ports from certain networks. For example network 10.10.10.0 cannot connect to port 80 but can connect to port 25. I've been trying to do this by just blocking port 80 but it still goes through. I have local web server set up on a Linux machine in the same network and have been testing this by trying to blocking access to it. Below is how I've attempted to do this but it still goes through.

en
conf t
access-list 101 deny tcp any any eq 80
access-list 101 deny udp any any eq 80
access-list 101 permit ip any any
end

conf t
interface gigabitethernet0/0
ip access-group 101 in
exit
interface gigabitethernet0/0
ip access-group 101 in
end

Joseph W. Doherty · ‎11-02-2017

Is g0/0 a L3 port?

Julio E. Moisa · ‎11-02-2017

Hi

The extended ACL should be installed close as possible of the source, you could configure it as out instead in. I assume it is a router.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<