Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3099
Views
0
Helpful
2
Replies

Blocking traffic in single VLAN on port level

ajay-pawar
Level 1
Level 1

‎11-01-2010 11:23 AM - edited ‎03-06-2019 01:49 PM

Hi ,

      We have Cisco 3750 switch . Need to block traffic within single VLAN on TCP port 1443 .

      Please help.

Thanks & Regards

Ajay

Labels:
0 Helpful
2 Replies 2

glen.grant
VIP Alumni
VIP Alumni

‎11-01-2010 11:37 AM

   Write an ACL for the layer 3 SVI  for that vlan that will block the port you are looking to block. 

0 Helpful

Matthew Blanshard
Cisco Employee
Cisco Employee

‎11-01-2010 11:42 AM

Hello Ajay,

Sounds you a VACL would be the best option here for you.  Here's the configuration guide on VACL's:

http://tools.cisco.com/squish/fF099

Here's an example of how you would configure this:

Switch(config)# ip access-list extended no_1443
Switch(config-ext-nacl)# permit tcp any any eq 1443
Switch(config-ext-nacl)# exit

Switch(config)#ip access-list extended permit_any
Switch(config-ext-nacl)# permit ip any any
Switch(config-ext-nacl)# exit

Switch(config)# vlan access-map block_1443 10
Switch(config-access-map)# match ip address no_1443

Switch(config-access-map)# action drop

Switch(config-access-map)# exit

Switch(config)# vlan access-map block_1443 20

Switch(config-access-map)# match ip address permit_any

Switch(config-access-map)# action forward

Switch(config-access-map)# exit

Switch(config)# vlan filter block_1443

This will block all packets destined to tcp port 1443 within the vlan.  If you wanted to block tcp traffic sourced from that port you would add "permit tcp any eq 1443 any" to the access-list no_1443.

HTH,

Matt

0 Helpful
Customers Also Viewed These Support Documents