Solved

Disable Http Access on Cisco Catalyst Switch

Posted on 2008-10-07
Last Modified: 2012-05-05
Hi there. Can anyone tell me how to disable HTTP access on a switch? We have multiple VLANs and I want to restrict a network and allow only one IP to access the internet. I have tried the following but it doesn't seem to be working.
Millat_C_Switch(config)#access-list extended 110
Millat_C_Switch(config-ext-nacl)#100 permit ip any any
Millat_C_Switch(config-ext-nacl)#99 deny tcp host 192.168.x.x 0.0.0.0 eq www any
 
 
Millat_C_Switch(config-if)#ip ACCESS GROUP 110 IN

Question by:nasirsh

Expert Comment

by:Pugglewuggle
ID: 22666049
You cannot do this on a Cat 2950 switch. The only switches that can do this are 3550 and above and other layer 3 switches that can have ACLs applied to VLAN interfaces (VACLs).
You will need a router or firewall to block this. This can't be done with a 2950.
Cheers! Let me know if you have any other questions!

Author Comment

by:nasirsh
ID: 22666076
Can I apply this on a port rather than a VLAN?

Accepted Solution

by:Pugglewuggle
ID: 22666081
Sorry, what the heck was I saying!? My brain was mixed up. You can, of course, have ACLs on a 2950. Aarrgghhhh!
What you need to do is create an ACL in the following order:
access-list 100 permit ip host 192.168.x.x any
access-list 100 deny tcp any any eq www
access-list 100 deny tcp any any eq https
access-list 100 permit ip any any
interface vlan x
ip access-group 100 out
Where VLAN x is the VLAN that is connected to the internet. That prevents all outgoing connections on HTTP and HTTPS (by internet do you mean web pages or all traffic?) except for to IP 192.168.x.x, where 192.168.x.x is a host address, NOT a network address.
Cheers! Let me know if you have any questions! Sorry about that!
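
Added example (not part of the original thread or either poster's code): a small Python model of first-match ACL evaluation over the four entries in the accepted answer, showing which entry decides each packet and what happens if `permit ip any any` is moved to the top. The address 192.168.10.5 is a constructed stand-in for the thread's elided 192.168.x.x, the packets are constructed samples, and interface direction is not modeled.

```python
from dataclasses import dataclass
from typing import Optional

ALLOWED_HOST = "192.168.10.5"        # constructed stand-in for 192.168.x.x
PORTS = {"www": 80, "https": 443}    # the two port keywords used in the answer

@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every protocol
    src: str                         # "any" or a single host address
    dport: Optional[int] = None      # destination port from "eq"; None = any

def parse_ace(line: str) -> Ace:
    """Parse only the subset of access-list syntax that appears in the answer."""
    t = line.split()
    action, proto, rest = t[2], t[3], t[4:]
    if rest[0] == "host":
        src, rest = rest[1], rest[2:]
    else:                            # source is "any"
        src, rest = "any", rest[1:]
    rest = rest[1:]                  # destination is always "any" in these entries
    dport = PORTS[rest[1]] if rest and rest[0] == "eq" else None
    return Ace(action, proto, src, dport)

def evaluate(acl, proto, src, dport):
    """Return (action, entry_number) of the first matching entry.
    Entry 0 means nothing matched and the implicit deny applied."""
    for n, ace in enumerate(acl, 1):
        if ace.proto not in ("ip", proto):
            continue
        if ace.src not in ("any", src):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, n
    return "deny", 0

ACL = [parse_ace(l) for l in f"""\
access-list 100 permit ip host {ALLOWED_HOST} any
access-list 100 deny tcp any any eq www
access-list 100 deny tcp any any eq https
access-list 100 permit ip any any""".splitlines()]

# Same entries with the catch-all permit moved first: it shadows both denies.
SHADOWED = [ACL[3]] + ACL[:3]

if __name__ == "__main__":
    for pkt in [("tcp", ALLOWED_HOST, 80), ("tcp", "192.168.10.77", 80),
                ("tcp", "192.168.10.77", 443), ("udp", "192.168.10.77", 53)]:
        print(pkt, "->", evaluate(ACL, *pkt), "| shadowed:", evaluate(SHADOWED, *pkt))
```
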
 

Author Comment

by:nasirsh
ID: 22666164
Thanks so much for your help.

Expert Comment

by:Pugglewuggle
ID: 22666227
I guess that did the trick?
Cheers!