access-list deny all going out

Posted on 2010-01-11
Last Modified: 2012-05-08
Does anyone know how to create an access list on a Cisco Catalyst 3560 switch to not allow all traffic going out except for 1 IP?
Question by:dufff
7 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26290382


yes:

ip routing

int vlan 1
 ip access-group 100 in

access-list 100 permit ip host x.x.x.x any
access-list 100 deny ip any any
0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 26290809
Hi

100%, but the sequence of commands should start with the ACL and then assign it to the VLAN interface, if you are copying and pasting


access-list 100 permit ip host x.x.x.x any
access-list 100 deny ip any any                                    

then

int vlan 1
 ip access-group 100 in


0
 

Author Comment

by:dufff
ID: 26293755
Here is what I have. I will be testing today, but I want to make sure only this one IP address can get in and out from the subnet 192.168.4.X.

interface Vlan404
 description Data_Network
 ip address 192.168.4.31 255.255.255.0
 ip access-group Data_Access_In in
 ip access-group Data_Access_Out out

ip access-list extended Data_Access_In
 permit ip host 192.168.4.30 any
 deny   ip any any
ip access-list extended Data_Access_Out
 permit ip any host 192.168.4.30
 deny   ip any any

Could someone clarify if this config will only allow 192.168.4.30 in and out of the 192.168.4.X subnet and no other IPs?
0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 26295808
yes
0
 

Author Comment

by:dufff
ID: 26295919
OK, then one last thing: if I only wanted to allow ports 80 and 443 for 192.168.4.30 instead of any, what would I enter for both in and out access-lists?
0
 
LVL 16

Accepted Solution

by:memo_tnt
ID: 26296034
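! Inbound on Vlan404: traffic from the host toward web servers (destination ports 80/443)
ip access-list extended Data_Access_In
 permit tcp host 192.168.4.30 any eq 80
 permit tcp host 192.168.4.30 any eq 443
 deny   ip any any

! Outbound on Vlan404: replies back to the host (source ports 80/443);
! the name must match the case used in "ip access-group Data_Access_Out out"
ip access-list extended Data_Access_Out
 permit tcp any eq 80 host 192.168.4.30
 permit tcp any eq 443 host 192.168.4.30
 deny   ip any any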
0
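
An added example, not part of the thread and not Cisco code: a minimal first-match ACL evaluator in Python that models the inbound and outbound lists on the Vlan404 interface and shows why the outbound list has to match the reply's source port and the host as destination. The server address 203.0.113.10, the second host 192.168.4.55 and the ephemeral port 49152 are constructed sample values, and the evaluator models only protocol, address and port matching.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
HOST = ip_network("192.168.4.30/32")  # the one permitted host in the thread

# ACE tuple: (action, proto, src_net, src_port, dst_net, dst_port); None = any port
IN_ACL = [                      # applied "in": host -> web servers
    ("permit", "tcp", HOST, None, ANY, 80),
    ("permit", "tcp", HOST, None, ANY, 443),
    ("deny", "ip", ANY, None, ANY, None),
]
OUT_SRC_HOST = list(IN_ACL)     # same entries reused "out": source is still the host
OUT_DST_HOST = [                # applied "out": replies from web servers -> host
    ("permit", "tcp", ANY, 80, HOST, None),
    ("permit", "tcp", ANY, 443, HOST, None),
    ("deny", "ip", ANY, None, ANY, None),
]

def evaluate(acl, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, proto, src, sport, dst, dport in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if ip_address(pkt["src"]) not in src or ip_address(pkt["dst"]) not in dst:
            continue
        if sport is not None and pkt.get("sport") != sport:
            continue
        if dport is not None and pkt.get("dport") != dport:
            continue
        return action
    return "deny"

# Constructed sample packets (203.0.113.10 is a documentation address)
REQUEST = {"proto": "tcp", "src": "192.168.4.30", "sport": 49152,
           "dst": "203.0.113.10", "dport": 443}
REPLY = {"proto": "tcp", "src": "203.0.113.10", "sport": 443,
         "dst": "192.168.4.30", "dport": 49152}
OTHER = dict(REQUEST, src="192.168.4.55")  # a different host in the subnet

def results():
    return {
        "request in": evaluate(IN_ACL, REQUEST),
        "other host in": evaluate(IN_ACL, OTHER),
        "reply out, source-host entries": evaluate(OUT_SRC_HOST, REPLY),
        "reply out, destination-host entries": evaluate(OUT_DST_HOST, REPLY),
    }

if __name__ == "__main__":
    for name, verdict in results().items():
        print(f"{name}: {verdict}")
```

On the switch itself, an ACL on the Vlan404 interface is a router ACL: it filters traffic routed into or out of the VLAN, not traffic switched between hosts inside 192.168.4.X.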
 

Author Closing Comment

by:dufff
ID: 31675921
thanks
0
