Solved

Disable Http Access on Cisco Catalyst Switch

Posted on 2008-10-07
5
1,957 Views
Last Modified: 2012-05-05
Hi there. Can anyone tell me how to disable http access on a switch. We have multiple VLANS and i Want to restrict a network and allow only one IP to access the internet. I have tried the following but it doesnt seem to be working.
Millat_C_Switch(config)#access-list extended 110

Millat_C_Switch(config-ext-nacl)#100 permit ip any any

Millat_C_Switch(config-ext-nacl)#99 deny tcp host 192.168.x.x 0.0.0.0 eq www any
 
 

Millat_C_Switch(config-if)#ip ACCESS GROUP 110 IN

Open in new window

0
Comment
Question by:nasirsh
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22666049
You cannot do this on a Cat 2950 switch. The only switches that can do this are 3550 and above and other layer 3 switches that can have ACLs applied to VLAN interfaces (VACLS).
You will need a router or firewall to block this. This can't be done with a 2950.
Cheers! Let me know if you have any other questions!
0
 
LVL 4

Author Comment

by:nasirsh
ID: 22666076
Can i apply this on port rather then VLAN.
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22666081
Sorry, what the heck was I saying!? My brain was mixed up. You can, of course, have ACLs on a 2950. Aarrgghhhh!
What you need to do is create an ACL in the following order:
access-list 100 permit ip host 192.168.x.x any
access-list 100 deny tcp any any eq www
access-list 100 deny tcp any any eq https
access-list 100 permit ip any any
interface vlan x
ip access-group 100 out
Where VLAN x is the VLAN that is connected to the internet - that prevents all outgoing connections on HTTP and HTTPS (by internet do you mean web pages or all traffic?) except for to IP 192.168.x.x where 192.168.x.x is a host address - NOT a network address.
Cheers! Let me know if you have any questions! Sorry about that!
 
0
 
LVL 4

Author Comment

by:nasirsh
ID: 22666164
Thnx so much for your help
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22666227
I guess that did the trick?
Cheers!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Low Cost Managed Switch 19 98
Setup SPAN to monitor DMZ traffic 2 51
Auto Smartport macro for Dell and HP laptops 2 53
P2P and MPLS 3 42
I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now