12-11-2009 11:24 AM - edited 03-06-2019 08:55 AM
What I have is a single host connected to a port on a 3560 switch. I want to allow this host to go wherever it needs to go, but I do not want other hosts to initiate connections to the host.
Is this possible? If so, how do I configure it, as I see that you can only configure inbound ACLs on a switchport and no reflexive ACLs at all.
12-11-2009 01:30 PM
smolz wrote:
What I have is a single host connected to a port on a 3560 switch. I want to allow this host to go wherever it needs to go, but I do not want other hosts to initiate connections to the host.
Is this possible? If so, how do I configure it, as I see that you can only configure inbound ACLs on a switchport and no reflexive ACLs at all.
To be honest, rather than try and get the switch to do it, which I'm not sure you can even with a VLAN access map because of the return traffic, it would be a whole lot easier to just install a host firewall, which will allow you to block all incoming new connections. In fact, if memory serves me right, that is the default setting for the XP firewall.
Jon
12-12-2009 10:30 AM
You can use an extended ACL, configuring your ACL statement as follows:
put your host as the destination address and put any incoming connection as the source.
Hope that helps.
Regards,
Amro
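One way to write the extended ACL suggested in the reply above, applied outbound on a routed VLAN interface. This is an added example, not part of any post in this thread; the host address 10.1.1.10, VLAN 10 and the ACL name PROTECT-HOST are assumptions.

```cisco
! Constructed example: host 10.1.1.10 sits in VLAN 10 and the 3560 routes
! that VLAN through its SVI (interface Vlan10). All values are assumptions.
ip access-list extended PROTECT-HOST
 ! Return traffic for TCP sessions the host opened: segments with ACK or RST set.
 permit tcp any host 10.1.1.10 established
 ! Everything else addressed to the host, including new TCP SYNs, is dropped.
 ! This also drops UDP and ICMP replies, because the ACL keeps no session state.
 deny ip any host 10.1.1.10
 ! Leave traffic to the other hosts in the VLAN untouched.
 permit ip any any
!
interface Vlan10
 ! "out" on the SVI = packets the switch routes into VLAN 10, toward the host.
 ip access-group PROTECT-HOST out
```

Traffic from hosts in the same VLAN is switched at layer 2 and never reaches this ACL, and `established` is a TCP flag match rather than connection tracking. A host firewall remains the stateful control for both cases.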