03-06-2019 06:30 PM
Hi there.
Need your expertise on this.
I've tried several ways to make an ACL on the Cisco 4507R switch, but it seems to have failed.
The situation is like this.
My PC is on VLAN 9, while I have an Oracle server on VLAN 10 that uses port 1521. For starters, I want to run a test that denies my IP address access to that particular server, and my command is as below:
deny tcp 192.200.9.126 0.0.0.255 192.200.10.14 0.0.0.255 eq 1521
but it fails to do so. I can still connect to the server; the application/software can still access that particular server.
Is there any other way to do it?
03-06-2019 06:58 PM
Hi @mrxlast ,
Try this acl to block your IP:
deny tcp host 192.200.9.126 host 192.200.10.14 eq 1521
permit ip any any
Remember that you must apply the ACL in the interface that will route that traffic
Query: do you know the use of port 1521?
https://www.speedguide.net/port.php?port=1521
Regards
03-06-2019 11:36 PM
Hi @luis_cordova ,
I'm aware of the port, and I want to control the number of connections that connect to the server.
"Remember that you must apply the ACL in the interface that will route that traffic"
Does this mean I have to configure it on the interface that is connected to the server?
03-07-2019 12:09 AM
Hello
No, you do not have to apply the ACL to the access port, only to the SVI of the VLAN:
access-list 100 deny tcp host 192.200.9.126 host 192.200.10.14 eq 1521
access-list 100 permit ip any any
int vlan 10
ip access-group 100 out
03-07-2019 04:16 AM
Hi @mrxlast ,
In your case, the ACL can be applied on the SVI associated with VLAN 9, since the SVI in your switch is responsible for routing the traffic of that VLAN.
For example, if your ACL is number 101:
S(config)#interface vlan 9
S(config-if)# ip access-group 101 in
Regards
03-07-2019 06:26 AM
While we are discussing aspects of access lists, such as whether you assign the ACL on an interface near the destination or near the source, we might also want to clarify that the ACL is assigned as "in" or "out". This is from the perspective of the switch interface, so "in" is traffic from the connected hosts coming into the switch interface and "out" is traffic from the switch interface out to the connected hosts.
HTH
Rick
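The three answers above say the same thing from different angles: the ACL only works once it is bound to an SVI that routes the traffic, and "in" / "out" are relative to the switch, so VLAN 9 to VLAN 10 traffic is seen as "in" on interface Vlan9 and "out" on interface Vlan10. The following is an added example, not code from the thread or from Cisco: a small Python model of IOS extended-ACL matching (wildcard masks, `host`, `any`, `eq`, first match wins, implicit deny) plus the SVI checkpoints a routed packet crosses. The topology (VLAN 9 = 192.200.9.0/24, VLAN 10 = 192.200.10.0/24) and the sample packets are constructed from the addresses in the thread; they are assumptions, not the original poster's actual network.

```python
"""Model of Cisco IOS extended ACLs applied to SVIs (added example, not from the thread)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches any protocol; "tcp"/"udp" must match the packet exactly
    src: str
    src_wc: str            # IOS wildcard mask: 0 bit = must match, 1 bit = don't care
    dst: str
    dst_wc: str
    dport: Optional[int] = None   # "eq N" on the destination port; None = any port


def _addr_spec(tokens, i):
    """Consume one IOS address spec at tokens[i]: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    return tokens[i], tokens[i + 1], i + 2


def parse_ace(line):
    """Parse one line in the form used in the thread, e.g. 'deny tcp host A host B eq 1521'."""
    t = line.split()
    action, proto = t[0], t[1]
    src, src_wc, i = _addr_spec(t, 2)
    dst, dst_wc, i = _addr_spec(t, i)
    dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return Ace(action, proto, src, src_wc, dst, dst_wc, dport)


def _wc_match(addr, base, wildcard):
    """Wildcard compare: only the bits that are 0 in the wildcard have to be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == b & care


def evaluate(acl, pkt):
    """IOS semantics: first matching entry wins; an implicit 'deny ip any any' ends every ACL."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != pkt["proto"]:
            continue
        if not _wc_match(pkt["src"], ace.src, ace.src_wc):
            continue
        if not _wc_match(pkt["dst"], ace.dst, ace.dst_wc):
            continue
        if ace.dport is not None and pkt.get("dport") != ace.dport:
            continue
        return ace.action
    return "deny"


# Constructed topology (assumption): VLAN 9 and VLAN 10 are the two /24s named in the thread.
VLANS = {9: ipaddress.IPv4Network("192.200.9.0/24"), 10: ipaddress.IPv4Network("192.200.10.0/24")}


def vlan_of(addr):
    ip = ipaddress.IPv4Address(addr)
    return next(v for v, net in VLANS.items() if ip in net)


def svi_checkpoints(pkt):
    """(SVI, direction) pairs a routed packet crosses: 'in' on the source VLAN's SVI,
    'out' on the destination VLAN's SVI. Same-VLAN traffic is switched, not routed,
    so no SVI ACL ever sees it."""
    s, d = vlan_of(pkt["src"]), vlan_of(pkt["dst"])
    return [] if s == d else [(s, "in"), (d, "out")]


def is_blocked(bindings, pkt):
    """bindings maps (vlan, direction) -> ACL, like 'ip access-group' on that SVI."""
    return any(evaluate(bindings[cp], pkt) == "deny"
               for cp in svi_checkpoints(pkt) if cp in bindings)


# Constructed sample data: the accepted answer's ACL, the original poster's wildcard line, and four flows.
ACL_100 = [parse_ace(l) for l in ("deny tcp host 192.200.9.126 host 192.200.10.14 eq 1521",
                                  "permit ip any any")]
ACL_OP = [parse_ace(l) for l in ("deny tcp 192.200.9.126 0.0.0.255 192.200.10.14 0.0.0.255 eq 1521",
                                 "permit ip any any")]
PC_TO_ORACLE = {"proto": "tcp", "src": "192.200.9.126", "dst": "192.200.10.14", "dport": 1521}
PC_TO_SSH = {"proto": "tcp", "src": "192.200.9.126", "dst": "192.200.10.14", "dport": 22}
NEIGHBOR_TO_ORACLE = {"proto": "tcp", "src": "192.200.9.50", "dst": "192.200.10.14", "dport": 1521}
ORACLE_REPLY = {"proto": "tcp", "src": "192.200.10.14", "dst": "192.200.9.126", "dport": 50000}

if __name__ == "__main__":
    print("Vlan10 out:", is_blocked({(10, "out"): ACL_100}, PC_TO_ORACLE))   # True
    print("Vlan9 in:  ", is_blocked({(9, "in"): ACL_100}, PC_TO_ORACLE))     # True
    print("Vlan10 in: ", is_blocked({(10, "in"): ACL_100}, PC_TO_ORACLE))    # False: wrong direction
    print("not bound: ", is_blocked({}, PC_TO_ORACLE))                        # False: OP's symptom
```

Running the checks shows why the two placements in the thread (Vlan10 "out" or Vlan9 "in") both work, while an unbound ACL or one bound as Vlan10 "in" leaves the Oracle connection open. Two caveats the model also makes visible: the original wildcard line `192.200.9.126 0.0.0.255` matches the whole 192.200.9.0/24, so a neighbour PC is blocked too, whereas the `host` form blocks only the one address; and the ACL is stateless, so it judges each direction separately, and an ACL without a trailing `permit ip any any` drops everything else because of the implicit deny. On the real switch, `show ip access-lists` shows per-entry hit counters, which is the quickest way to confirm the entry is actually being evaluated.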