• Status: Solved

Specific Commands to Allow SMTP through Cisco port

We have an in-house application that sends an email notification, by way of SMTP, to an internal recipient.  We have discovered that some computers with the application will time out when sending the email.  We have determined that the computers with the issue are connected to particular switches that the other computers are not.

I have seen some examples of how to modify the ACL to allow/deny SMTP that make sense.  However, I am not very familiar with the Cisco NOS and do not want to bring down the network or leave an unnecessary security hole.  My goal is to allow SMTP traffic on certain ports without otherwise altering the existing configuration.  The switches involved are the Cisco 2960 and 3560.

Could someone tell me the specific commands I would use to allow SMTP on a specific port without otherwise changing the existing configuration?  Any help would be greatly appreciated and would save us a service call.

Thank you very much in advance,
Asked by: jmarkh68
 
Mick Finley (Network Engineer) commented:
Copy the ACL and add permit tcp any any eq 25 in the appropriate entry.

Just make sure the entry to allow SMTP is before an entry which would deny it.

Example:
access-list 101 deny ip any any
access-list 101 permit tcp any any eq 25

The second line wouldn't be applied since the first denies all IP traffic.

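The ordering rule from the answer above, as an added example that is not part of the original thread: a small first-match evaluator for extended ACL lines in the format used here, run against the posted order, the reversed order, and a narrower permit. The narrower entry goes beyond the thread; the mail host 172.16.2.25 and the client address are constructed, and only destination-port `eq` matching is modelled.

```python
import ipaddress

def take_addr(tok):
    """Consume one address spec from tok: any | host A | A WILDCARD."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("unsupported entry: " + line)
    rest = tok[4:]
    src, dst = take_addr(rest), take_addr(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return {"action": tok[2], "proto": tok[3], "src": src, "dst": dst, "dport": dport}

def addr_match(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acl_lines, proto, src, dst, dport):
    """Return (action, deciding line); entries are tried top-down, first match wins."""
    for line in acl_lines:
        ace = parse_ace(line)
        if (ace["proto"] in ("ip", proto)
                and addr_match(ace["src"], src) and addr_match(ace["dst"], dst)
                and ace["dport"] in (None, dport)):
            return ace["action"], line
    return "deny", "(implicit deny at end of ACL)"

# Order from the thread's example: the deny shadows the SMTP permit.
AS_POSTED = ["access-list 101 deny ip any any",
             "access-list 101 permit tcp any any eq 25"]
# Same two entries with the permit first.
REORDERED = AS_POSTED[::-1]
# Constructed narrower variant: one client subnet to one mail host only.
NARROWED = ["access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 172.16.2.25 eq 25",
            "access-list 101 deny ip any any"]

if __name__ == "__main__":
    smtp = ("tcp", "192.168.1.10", "172.16.2.25", 25)  # constructed test packet
    for name, acl in (("as posted", AS_POSTED), ("reordered", REORDERED),
                      ("narrowed", NARROWED)):
        print(name, "->", evaluate(acl, *smtp))
```
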
 
jmarkh68 (Author) commented:
Does 101 represent the VLAN?
Does 'permit tcp any any eq 25' mean to allow any traffic in and out on port 25?
How do I copy the ACL?

All I really know how to do is change the VLAN on a port.  Someone showed me that step by step.
 
Mick Finley (Network Engineer) commented:
Are there ACLs on the switch?  Look for ip access-group <number/word> in/out, applied to either a port or VLAN.  The number/word here is the name of the ACL.  Copy and paste the ACL to Notepad and add an entry that corresponds to the format.

If it's ip access-group 101, then add "access-list 101 permit tcp any any eq 25". Yes, this allows all traffic to use SMTP.

When the ACL is applied to a port or VLAN, it's either: ip access-group 101 in or ip access-group 101 out
With an 'any any', in/out doesn't make a difference; when using specific ranges it does.

2 examples doing the same thing:
EX 1:
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.16.2.0 0.0.0.255
ip access-group 101 in

EX 2:
access-list 102 permit ip 172.16.2.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-group 102 out

If you post your switch config, I can be more specific.
 
jmarkh68 (Author) commented:
I think I need to learn more about Cisco commands.