VLAN ACLs

maciejwrax
Level 1

Hello All,

I would like to know whether I can define an ACL on my 3750. I would like to create an ACL which has permits for the ports and services (used by servers) which I have defined, and an any any option that logs to syslog. Is there any possibility to do that?

Thanks

1 Accepted Solution

Hello,

Would this help you? An extended ACL.

Here is an example. You only need to bind this ACL to an interface.

config terminal

"For all services and ports with the same acl number"

access-list 102 permit tcp "source+wildcard" "destination+wildcard" eq "Port or service"

access-list 102 deny ip any any

best regards

Sebastian

Could you explain "source+wildcard" to me? I have an example: one port to one server, then I have a service on port 1233 - Veritas Backup and it must be permitted... so what must the syntax be?

best regards Maciek

Ooh, I think I've got the answer:

access-list access-list-number {permit | deny} protocol source source-wildcard [operator source-port] destination destination-wildcard [operator destination-port] [precedence precedence-number] [tos tos] [established] [log | log-input]

Please correct me if I'm wrong.

That is exactly what I mean. I only tried to explain it with an example.

Here is what I would try.

access-list 102 permit tcp any 10.6.4.5 0.0.0.0 eq 1233

Sebastian

Thanks for your great help :)
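
To show how the address/wildcard pairs and the first-match ordering discussed in this thread behave, here is an added Python example (not part of the original posts and not Cisco code) that parses a small subset of the extended-ACL syntax and evaluates packets against it. The final `deny ip any any log` line is an assumption built from the `log` keyword in the syntax quoted above, and the helper names are hypothetical.

```python
import ipaddress

# ACL 102 from the thread, plus a final logged deny (assumed here; it uses the
# log keyword from the syntax quoted in the thread).
ACL_102 = """\
access-list 102 permit tcp any 10.6.4.5 0.0.0.0 eq 1233
access-list 102 deny ip any any log
"""

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(text):
    """Parse the subset of extended-ACL syntax used above (destination 'eq' only)."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if t[:1] != ["access-list"]:
            continue
        action, proto, rest = t[2], t[3], t[4:]
        src, dst = _addr(rest), _addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port, rest = int(rest[1]), rest[2:]
        rules.append(dict(action=action, proto=proto, src=src, dst=dst,
                          port=port, log="log" in rest))
    return rules

def _match(ip, spec):
    addr, wild = spec
    # Wildcard bits set to 1 are ignored; bits set to 0 must be equal.
    return (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; return (action, logged)."""
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue
        if not (_match(src, r["src"]) and _match(dst, r["dst"])):
            continue
        if r["port"] is not None and r["port"] != dport:
            continue
        return r["action"], r["log"]
    return "deny", False  # implicit deny that ends every ACL; it is never logged
```

Without the explicit final entry, dropped packets hit the implicit deny and produce no log message, which is why the logged `deny ip any any` has to be written out.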
