Blocking http/https access from vlan1 to vlan33 on SG350X

NexusXP (Level 1)

Hello,

 

I am a newbie. I replaced 2 switches, with VLAN 33 protected by a FW, with 4 Cisco switches (2x SG350X and 2x SX350X) in a hybrid stack. The stack is now accessible from VLAN 1 and VLAN 33. Having removed the FW, I have to filter HTTP/HTTPS access from VLAN 1 to VLAN 33. How can I do it? I tried, but I either lock everything or it stays accessible anyway.

11 Replies

balaji.bandi (Hall of Fame)

"Removing FW I have to filter accesses in http https from vlan1 to vlan33"

Are you removing the FW, or do you need a FW rule for VLAN 1 and VLAN 33 to access devices? Can you clarify?

What FW is this?

Explain what you have tried, and where.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

NexusXP (Level 1)

Before putting the SG350X/SX350X hybrid stack online I had 2 Dell 1052 switches with the same VLANs. Access to VLAN 33 (management) was managed by the policies on the PFSENSE firewall, which had 2 network interfaces, one pointing to LAN (VLAN 1, 192.168.0.254), the other to MANAGEMENT (VLAN 33, 192.168.33.254). The policy allowed access, for example, from 192.168.0.40 to all of MANAGEMENT (192.168.33.0). The stack has the same IPs, and I would like to do the same thing: allow access to VLAN 33 only to certain IPs, for example 192.168.0.40. Now everyone can see http://192.168.0.254 or https://192.168.33.254.

Where do you want to do this, on the switches or on the FW?

BB


NexusXP (Level 1)

Firewall (it was ONLY for access management between LAN and MANAGEMENT and for browsing to the devices). I no longer have that VM, and in order not to change the configuration of the infrastructure (gateway, etc.), I gave the switch the same IPs.

By firewall you mean PFSENSE? Do you have a small network diagram showing how it is connected, so I can suggest better?

BB


NexusXP (Level 1)

Sure, attached.

Thanks

NexusXP (Level 1)

Hi Balaji,

does a solution come to mind?

Tomasz

I may have missed this thread because of the many in my list to address.

If both VLAN gateways point to PFSENSE, you need to build a FW rule to block the required services so they do not talk to each other.

The guide below can help you:

https://nguvu.org/pfsense/pfsense-baseline-setup/#firewall%20rules

BB


NexusXP (Level 1)

I know. I no longer have pfSense; it is work I would like to do on the Cisco stack: allow access to the page "https://192.168.0.254/cs4005acaf/mts/config/log_off_page.htm" only to some IPs on the LAN (VLAN 1), and block access to VLAN 33 (Management) "https://192.168.33.254/cs4005acaf/mts/config/log_off_page.htm".

Maybe I missed it. You mean that in the picture, after migration, you no longer have PFSENSE and you would like to do the ACL in the SG 550 switches (do these switches hold your Layer 3 VLANs now?)

https://video.cisco.com/video/6146343273001

BB


Hello BB,

You did not miss the pfSense firewall; it is no longer in the current configuration. The firewall managed ONLY HTTP/HTTPS access from 192.168.0.0/24 (VLAN 1) to 192.168.33.0 (VLAN 33) for device checks and maintenance. The same job I would now like to do on the Cisco stack. I saw the video guide where it explains how to block all traffic between 2 VLANs; I would like to block only HTTP and HTTPS. Do you have a specific guide?
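The following configuration is an added example written for this thread; it is not from any of the posters or from Cisco's documentation. It assumes the 350-series CLI syntax for extended ACLs (`ip access-list extended`, `service-acl input`) and management ACLs (`management access-list`, `management access-class`), and uses only the addresses given in the thread: the VLAN 1 gateway 192.168.0.254, the VLAN 33 gateway 192.168.33.254, the allowed administrator host 192.168.0.40, and the two /24 subnets. The ACL names VLAN1-TO-MGMT and MGMT-UI are my own. It handles the two cases the thread mixes together: HTTP/HTTPS from VLAN 1 to other hosts in 192.168.33.0/24 (transit traffic, filtered with a VLAN ACL) and HTTP/HTTPS to the stack's own web UI at 192.168.0.254 and 192.168.33.254 (management traffic, filtered with a management ACL, since a data-plane ACL is not the designed control for the switch's own management services).

```cisco
! === Part 1: transit HTTP/HTTPS from VLAN 1 into 192.168.33.0/24 ===
! Only 192.168.0.40 may reach web services on VLAN 33 hosts.
! 350-series ACLs end with an implicit deny, so the final permit keeps
! all other traffic (DNS, printing, file shares, ...) working.
ip access-list extended VLAN1-TO-MGMT
 permit tcp 192.168.0.40 0.0.0.0 any 192.168.33.0 0.0.0.255 80
 permit tcp 192.168.0.40 0.0.0.0 any 192.168.33.0 0.0.0.255 443
 deny   tcp any any 192.168.33.0 0.0.0.255 80
 deny   tcp any any 192.168.33.0 0.0.0.255 443
 permit ip any any
exit
! Bind on the ingress side, i.e. where the VLAN 1 hosts send from.
interface vlan 1
 service-acl input VLAN1-TO-MGMT
exit

! === Part 2: the stack's own web UI (192.168.0.254 / 192.168.33.254) ===
! A management ACL is evaluated for every management service (web, SSH,
! SNMP, ...). Anything not permitted is dropped, so the administrator
! host and the management VLAN are permitted for all services first;
! otherwise activating the list can lock out the SSH session doing it.
management access-list MGMT-UI
 permit ip-source 192.168.0.40 mask 255.255.255.255
 permit ip-source 192.168.33.0 mask 255.255.255.0
exit
! Activate it; keep console access available while testing.
management access-class MGMT-UI

! === Verification ===
show access-lists VLAN1-TO-MGMT
show management access-list
show management access-class
```

Apply Part 2 from the console or from 192.168.0.40 and confirm that the web UI still answers from that host before closing the session; `no management access-class` removes the restriction if it was applied with a wrong address. Part 1 only works for traffic the stack actually routes between the two VLANs, which matches the thread's setup where the switch now holds both SVIs; a host on VLAN 33 browsing to 192.168.0.254 is management traffic and is governed by Part 2, not Part 1.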
