Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

HowTo access-list blocking a specific port

Posted on 2006-11-01
2
Medium Priority
?
398 Views
Last Modified: 2008-01-09
I have to block all outbound SMTP trafic on one of my interfaces (firewall connection) of a cisco 3650 switch
it should block anything and allow only my mail server trafic.
I set this access list:
Extended IP access list 102
    10 permit tcp host mail_server_IP any eq smtp
    20 deny tcp any any eq smtp

when I try to add that access-list to the required interface I don't have "out" option:
conf t
int g0/1 (the interface I want to block)
ip access-group 102 in (in is the only option & I need out)

what was I doing wrong?
why didn't I get the "out" option?

applying this access-list with "in" option blocked all outbound trafic on this port
0
Comment
Question by:chuku
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 17

Author Comment

by:chuku
ID: 17866071
found the problem, here is the correct settings:
Extended IP access list 105
    10 permit tcp any host mail_server_ip
    20 permit tcp host mail_server_ip any eq smtp
    30 permit tcp any host mail_server_ip eq smtp
    40 deny tcp any any eq smtp log
    50 permit ip any any
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 17869906
Closed, 50 points refunded.
CetusMOD
Community Support Moderator
0

Featured Post

The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question