Solved

access-list deny all going out

Posted on 2010-01-11
Last Modified: 2012-05-08
Does anyone know how to create an access list on a Cisco Catalyst 3560 switch to not allow all traffic going out except for 1 IP?
Question by: dufff

7 Comments
Expert Comment
by: Istvan Kalmar (LVL 34)
ID: 26290382

Yes:

ip routing

int vlan 1
 ip access-group 100 in

access-list 100 permit ip host x.x.x.x any
access-list 100 deny ip any any
 
Expert Comment
by: memo_tnt (LVL 16)
ID: 26290809
Hi,

100%, but the sequence of commands starts with the ACL, then you assign it to the VLAN interface, if you are copying and pasting:

access-list 100 permit ip host x.x.x.x any
access-list 100 deny ip any any

then

int vlan 1
 ip access-group 100 in

 

Author Comment
by: dufff
ID: 26293755
Here is what I have. I will be testing today, but I want to make sure only this one IP address can get in and out of the subnet 192.168.4.X.

interface Vlan404
 description Data_Network
 ip address 192.168.4.31 255.255.255.0
 ip access-group Data_Access_In in
 ip access-group Data_Access_Out out

ip access-list extended Data_Access_In
 permit ip host 192.168.4.30 any
 deny   ip any any
ip access-list extended Data_Access_Out
 permit ip any host 192.168.4.30
 deny   ip any any

Could someone clarify whether this config will only allow 192.168.4.30 in and out of the 192.168.4.X subnet and no other IPs?
Expert Comment
by: memo_tnt (LVL 16)
ID: 26295808
Yes.

Author Comment
by: dufff
ID: 26295919
OK, then one last thing: if I only wanted to allow ports 80 and 443 for 192.168.4.30 instead of any, what would I enter for both the in and out access lists?

Accepted Solution
by: memo_tnt (LVL 16), earned 2000 total points
ID: 26296034
ip access-list extended Data_Access_In
 remark Host's own requests leaving the VLAN: host is the source, 80/443 is the destination port
 permit tcp host 192.168.4.30 any eq 80
 permit tcp host 192.168.4.30 any eq 443
 deny   ip any any

ip access-list extended Data_Access_Out
 remark Name must match the ip access-group binding exactly (ACL names are case-sensitive)
 remark Replies coming back into the VLAN: host is the destination, 80/443 is the source port
 permit tcp any eq 80 host 192.168.4.30
 permit tcp any eq 443 host 192.168.4.30
 deny   ip any any
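The point this thread turns on is which way each ACL sees the flow: on the SVI, "in" sees the host's own requests (host as source, 80/443 as destination port), while "out" sees the servers' replies (host as destination, 80/443 as source port). The script below is an added example, not code from the thread or from Cisco: a small first-match matcher for the extended-ACL syntax used above (permit/deny, ip/tcp/udp, host/any/wildcard addresses, optional eq), run over one constructed HTTPS flow between 192.168.4.30 and a made-up outside server 203.0.113.10. It evaluates the inbound list, an outbound list written by copying the inbound pattern (host as source, 80/443 as destination port), and an outbound list written for the reply direction.

```python
"""First-match matcher for Cisco IOS extended-ACL entries (added example).

Semantics modelled: entries are tried top to bottom, the first match decides,
and an unmatched packet hits the implicit 'deny ip any any'. Supported syntax:
permit|deny ip|tcp|udp <src> [eq N] <dst> [eq N], where an address is 'any',
'host A.B.C.D' or 'A.B.C.D WILDCARD' (contiguous wildcard masks only).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"; "ip" in a rule matches all of them
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


def _parse_addr(tokens):
    """Consume one address spec from the front of tokens and return a network."""
    tok = tokens.pop(0)
    if tok == "any":
        return ip_network("0.0.0.0/0")
    if tok == "host":
        return ip_network(tokens.pop(0) + "/32")
    wildcard = int(ip_address(tokens.pop(0)))      # e.g. 0.0.0.255 -> /24
    prefix = 32 - bin(wildcard).count("1")
    return ip_network(f"{tok}/{prefix}", strict=False)


def _parse_port(tokens):
    """Consume an optional 'eq N'; None means any port."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        return int(tokens.pop(0))
    return None


def parse_acl(text):
    """Parse the body of an 'ip access-list extended' block into rule tuples."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] in ("remark", "!"):
            continue
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        src, sport = _parse_addr(rest), _parse_port(rest)
        dst, dport = _parse_addr(rest), _parse_port(rest)
        rules.append((action, proto, src, sport, dst, dport))
    return rules


def acl_permits(rules, pkt):
    """Return True if the ACL permits pkt: first match wins, implicit deny."""
    for action, proto, src, sport, dst, dport in rules:
        if proto != "ip" and proto != pkt.proto:
            continue
        if ip_address(pkt.src) not in src or ip_address(pkt.dst) not in dst:
            continue
        if sport is not None and sport != pkt.sport:
            continue
        if dport is not None and dport != pkt.dport:
            continue
        return action == "permit"
    return False          # implicit deny ip any any


# Inbound on the SVI: the host's own requests, host = source, 80/443 = dst port.
DATA_ACCESS_IN = """
 permit tcp host 192.168.4.30 any eq 80
 permit tcp host 192.168.4.30 any eq 443
 deny   ip any any
"""

# Outbound written by copying the inbound pattern. Replies have the host as
# *destination*, so nothing here matches them and the implicit deny drops them.
DATA_ACCESS_OUT_COPIED = """
 permit tcp host 192.168.4.30 any eq 80
 permit tcp host 192.168.4.30 any eq 443
 deny   ip any any
"""

# Outbound matching the reply direction: host = destination, 80/443 = src port.
DATA_ACCESS_OUT_FIXED = """
 permit tcp any eq 80 host 192.168.4.30
 permit tcp any eq 443 host 192.168.4.30
 deny   ip any any
"""


def check_flow():
    """Run one constructed HTTPS flow (203.0.113.10 is a made-up server) through the lists."""
    request = Packet("tcp", "192.168.4.30", "203.0.113.10", sport=51234, dport=443)
    reply = Packet("tcp", "203.0.113.10", "192.168.4.30", sport=443, dport=51234)
    other = Packet("tcp", "192.168.4.50", "203.0.113.10", sport=51235, dport=443)
    return {
        "request_from_host": acl_permits(parse_acl(DATA_ACCESS_IN), request),
        "request_from_other_host": acl_permits(parse_acl(DATA_ACCESS_IN), other),
        "reply_through_copied_out": acl_permits(parse_acl(DATA_ACCESS_OUT_COPIED), reply),
        "reply_through_fixed_out": acl_permits(parse_acl(DATA_ACCESS_OUT_FIXED), reply),
    }


if __name__ == "__main__":
    for name, permitted in check_flow().items():
        print(f"{name:26s} {'permit' if permitted else 'deny'}")
```

The copied outbound list denies the reply while the reply-direction list permits it; the other host's request is denied by the inbound list in both cases. On real IOS the more general way to admit TCP return traffic on the out list is the established keyword (permit tcp any host 192.168.4.30 established), which this matcher does not model; and because named ACLs are case-sensitive, the name in ip access-list extended must match the ip access-group line on the SVI exactly or the interface binds an empty list.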
 

Author Closing Comment
by: dufff
ID: 31675921
Thanks.
