Solved

Disable Http Access on Cisco Catalyst Switch

Posted on 2008-10-07
Last Modified: 2012-05-05
Hi there. Can anyone tell me how to disable HTTP access on a switch? We have multiple VLANs and I want to restrict a network and allow only one IP to access the internet. I have tried the following but it doesn't seem to be working.
Millat_C_Switch(config)#access-list extended 110
Millat_C_Switch(config-ext-nacl)#100 permit ip any any
Millat_C_Switch(config-ext-nacl)#99 deny tcp host 192.168.x.x 0.0.0.0 eq www any
 
 
Millat_C_Switch(config-if)#ip ACCESS GROUP 110 IN

Question by:nasirsh

Expert Comment

by:Pugglewuggle
ID: 22666049
You cannot do this on a Cat 2950 switch. The only switches that can do this are 3550 and above and other layer 3 switches that can have ACLs applied to VLAN interfaces (VACLs).
You will need a router or firewall to block this. This can't be done with a 2950.
Cheers! Let me know if you have any other questions!

Author Comment

by:nasirsh
ID: 22666076
Can I apply this on a port rather than a VLAN?

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22666081
Sorry, what the heck was I saying!? My brain was mixed up. You can, of course, have ACLs on a 2950. Aarrgghhhh!
What you need to do is create an ACL in the following order:
access-list 100 permit ip host 192.168.x.x any
access-list 100 deny tcp any any eq www
access-list 100 deny tcp any any eq https
access-list 100 permit ip any any
interface vlan x
ip access-group 100 out
Where VLAN x is the VLAN that is connected to the internet - that prevents all outgoing connections on HTTP and HTTPS (by internet do you mean web pages or all traffic?) except for to IP 192.168.x.x where 192.168.x.x is a host address - NOT a network address.
Cheers! Let me know if you have any questions! Sorry about that!
 
0
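The first-match evaluation that makes the entry order in the accepted answer matter, as an added example that is not part of the original thread: a small Python model of ACL 100. The address 192.168.10.5 is a constructed stand-in for the redacted 192.168.x.x, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the thread's redacted host 192.168.x.x (assumption).
ALLOWED_HOST = "192.168.10.5"

# The accepted answer's ACL 100, in order: (action, protocol, source, dest port).
# Source "any" matches every address; port None matches every port.
ACL_100 = [
    ("permit", "ip",  ALLOWED_HOST, None),  # permit ip host <allowed> any
    ("deny",   "tcp", "any",        80),    # deny tcp any any eq www
    ("deny",   "tcp", "any",        443),   # deny tcp any any eq https
    ("permit", "ip",  "any",        None),  # permit ip any any
]

def matches(entry, proto, src, dport):
    """True if the packet satisfies every field of one ACL entry."""
    _action, e_proto, e_src, e_port = entry
    if e_proto != "ip" and e_proto != proto:   # "ip" covers tcp, udp, etc.
        return False
    if e_src != "any" and ipaddress.ip_address(e_src) != ipaddress.ip_address(src):
        return False
    if e_port is not None and e_port != dport:
        return False
    return True

def evaluate(acl, proto, src, dport):
    """Return (action, 1-based entry index) of the first matching entry."""
    for index, entry in enumerate(acl, start=1):
        if matches(entry, proto, src, dport):
            return entry[0], index
    return "deny", None  # implicit deny that ends every IOS ACL

# Constructed sample packets: (protocol, source IP, destination port).
SAMPLES = [
    ("tcp", ALLOWED_HOST, 80),
    ("tcp", "192.168.10.77", 80),
    ("tcp", "192.168.10.77", 443),
    ("tcp", "192.168.10.77", 22),
    ("udp", "192.168.10.77", 53),
]

if __name__ == "__main__":
    for proto, src, dport in SAMPLES:
        print(proto, src, dport, "->", evaluate(ACL_100, proto, src, dport))
    # Moving the final permit to the top makes the web denies unreachable.
    reordered = [ACL_100[3]] + ACL_100[:3]
    print("reordered:", evaluate(reordered, "tcp", "192.168.10.77", 80))
```

The model covers only the matching logic of the listed entries; it does not check whether a given switch platform accepts the ACL on that interface or in that direction.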
 

Author Comment

by:nasirsh
ID: 22666164
Thanks so much for your help.

Expert Comment

by:Pugglewuggle
ID: 22666227
I guess that did the trick?
Cheers!