Solved

Disable Http Access on Cisco Catalyst Switch

Posted on 2008-10-07
5
1,956 Views
Last Modified: 2012-05-05
Hi there. Can anyone tell me how to disable http access on a switch. We have multiple VLANS and i Want to restrict a network and allow only one IP to access the internet. I have tried the following but it doesnt seem to be working.
Millat_C_Switch(config)#access-list extended 110

Millat_C_Switch(config-ext-nacl)#100 permit ip any any

Millat_C_Switch(config-ext-nacl)#99 deny tcp host 192.168.x.x 0.0.0.0 eq www any
 
 

Millat_C_Switch(config-if)#ip ACCESS GROUP 110 IN

Open in new window

0
Comment
Question by:nasirsh
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Pugglewuggle
Comment Utility
You cannot do this on a Cat 2950 switch. The only switches that can do this are 3550 and above and other layer 3 switches that can have ACLs applied to VLAN interfaces (VACLS).
You will need a router or firewall to block this. This can't be done with a 2950.
Cheers! Let me know if you have any other questions!
0
 
LVL 4

Author Comment

by:nasirsh
Comment Utility
Can i apply this on port rather then VLAN.
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
Comment Utility
Sorry, what the heck was I saying!? My brain was mixed up. You can, of course, have ACLs on a 2950. Aarrgghhhh!
What you need to do is create an ACL in the following order:
access-list 100 permit ip host 192.168.x.x any
access-list 100 deny tcp any any eq www
access-list 100 deny tcp any any eq https
access-list 100 permit ip any any
interface vlan x
ip access-group 100 out
Where VLAN x is the VLAN that is connected to the internet - that prevents all outgoing connections on HTTP and HTTPS (by internet do you mean web pages or all traffic?) except for to IP 192.168.x.x where 192.168.x.x is a host address - NOT a network address.
Cheers! Let me know if you have any questions! Sorry about that!
 
0
 
LVL 4

Author Comment

by:nasirsh
Comment Utility
Thnx so much for your help
0
 
LVL 12

Expert Comment

by:Pugglewuggle
Comment Utility
I guess that did the trick?
Cheers!
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now