|
Posted by Brian V on January 11, 2007, 3:42 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>
> Brian V skrev:
>
>> > Hi all,
>> >
>> > I wan't to block tcp port 2967 in on interface FastEthernet0/7
>> > How shall i do?
>> >
>> > Regards Jan Rockstedt
>> >
>> > interface FastEthernet0/7
>> > description 100
>> > switchport access vlan 21
>> > switchport mode access
>> > no ip address
>> > speed 100
>> > spanning-tree portfast
>> > spanning-tree bpdufilter enable
>> >
>> > interface Vlan21
>> > description 100
>> > ip address 10.220.21.254 255.255.255.0 secondary
>> > ip address 10.21.2.254 255.255.255.0 secondary
>> > ip address 10.220.21.2 255.255.255.0
>> > ip policy route-map SONG
>> >
>> > route-map SONG permit 10
>> > match ip address 100
>> > set ip next-hop 172.20.254.2
>> >
>> > access-list 100 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
>> > access-list 100 deny ip 10.0.0.0 0.255.255.255 192.168.0.0
>> > 0.0.255.255
>> > access-list 100 permit ip any any
>> >
>>
>> you cannot block it inbound on f0/7, it is configured as a switchport and
>> you cannot apply an IP ACL to it, well....you can, but it won't do
>> anything.
>> You could block it on the vlan interface.
>>
>> access-list 101 deny tcp any any eq 2967
>> access-list 101 permit ip any any
>> int v21
>> ip access-group 101 out
>
> Thanks,
>
> I did try this on the vlan21 first:
>
> access-list 122 deny tcp any any eq 2967
> access-list 122 permit tcp any any
>
> But was the deny wrong with only tcp?
>
> //Jan
>
all udp will be dropped as well as all icmp
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map