Solved

Blocking Ports on Cisco 6500 VLANS

Posted on 2009-04-24
Last Modified: 2012-05-06
I need to find out how to block telnet on a Cisco VLAN. I am using a Cisco 6500; the VLAN I want the VACL to work on is 700. I am trying to stop users on VLAN 700 from using telnet to get access to internal switches.
Question by:trath
7 Comments
 
LVL 7

Expert Comment

by:hau_it
ID: 24226785
Create an access list and apply it to the vty lines.
 
LVL 3

Author Comment

by:trath
ID: 24226803
I would like an actual example of how to do this if possible. thx
 
LVL 7

Expert Comment

by:hau_it
ID: 24226868
If the network that you want to block from telnet is 10.0.0.0/8, then create an access-list:

access-list 10 deny 10.0.0.0 0.255.255.255
access-list 10 permit any

line vty 0 15
 access-class 10 in
 
LVL 3

Author Comment

by:trath
ID: 24226902
Yeah, that would work, but what I am really wanting to do is to be able to block more than just telnet in the future should I need to. Right now it's just telnet, but I will also need the ability to block other ports on the VLAN later on. I know how to add access lists to ports but have never added them to a whole VLAN before.
 
LVL 7

Expert Comment

by:hau_it
ID: 24226944
What I've written to you is the best way to block telnet into the machine and not to other machines.
If you want to block traffic to other ports then you must have in mind that you should place the access-list as close as possible to the source.
You will always need to create your lists from the most specific to the most general and always have in mind that there is an implicit deny at the end of the access-lists. You should then apply the access-lists to the VLAN interfaces.
 

Accepted Solution

by:bepe86 earned 1000 total points
ID: 24226990
If you want to block all telnet traffic from VLAN 700, you can use an access list:

ip access-list extended BlockTelnet
 deny tcp any any eq telnet
 permit ip any any

interface vlan 700
 ip access-group BlockTelnet in
 
LVL 7

Expert Comment

by:hau_it
ID: 24227028
This could block telnet traffic in general, but telnet to the switch is still possible if the users telnet to another interface.
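
Added example (not part of the original thread or any poster's configuration): the two answers combined into one configuration, with a slot for the extra ports the asker expects to block later, plus the VACL form the question mentions. The ACL and map names, the 10.0.0.0/8 source range (reused from the earlier comment as a stand-in for the VLAN 700 subnet) and the TFTP entry are assumptions; the `vlan access-map` / `vlan filter` commands are standard Catalyst 6500 IOS but do not appear in the answers above.

```cisco
! Constructed example. ACL/map names, the 10.0.0.0/8 source range and the
! extra TFTP entry are assumptions, not values from the thread.
!
! 1) Routed traffic entering the VLAN 700 SVI. Specific denies first, the
!    explicit permit last, because every ACL ends in an implicit deny.
ip access-list extended VLAN700-IN
 remark block telnet sourced from VLAN 700
 deny   tcp any any eq telnet
 remark future blocks go here, above the final permit (assumed example)
 deny   udp any any eq tftp
 permit ip any any
!
interface Vlan700
 ip access-group VLAN700-IN in
!
! 2) The switch's own vty lines, whichever interface the session arrives on.
access-list 10 deny   10.0.0.0 0.255.255.255
access-list 10 permit any
!
line vty 0 15
 access-class 10 in
!
! 3) VACL alternative to (1): also sees frames bridged inside VLAN 700,
!    which never cross the SVI. "permit" in the ACL means "match" here.
ip access-list extended VLAN700-TELNET
 permit tcp any any eq telnet
!
vlan access-map VLAN700-VACL 10
 match ip address VLAN700-TELNET
 action drop
vlan access-map VLAN700-VACL 20
 action forward
!
vlan filter VLAN700-VACL vlan-list 700
```

The vty `access-class` applies to every protocol allowed on those lines, so SSH from the denied range is refused along with telnet. The VACL is not directional: it also drops telnet sessions headed into VLAN 700 from other networks.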