Solved

How to block incoming traffic to my switch

Posted on 2014-03-27
3
231 Views
Last Modified: 2014-04-05
HI,

lately i have this problem where when ever my pcs connect to the LAN i get virus.

I would like to block all the traffic accept the specific server traffic i need for the pcs to access.

any one know how this can be done with cisco catalyst 2950.

i have try access-list 1 deny 192.168.1.1 but when try to ping from the pc i still can access the host ip 192.168.1.1


pls help
0
Comment
Question by:tankergoblin
3 Comments
 
LVL 9

Expert Comment

by:Alex Green
ID: 39958632
Rather than blocking all traffic which is essentially what you will do, have you considered upgrading your AV software so it actually works?
0
 
LVL 17

Expert Comment

by:lruiz52
ID: 39959276
Post your sanitized switch config.   I agree with Alex, check your AV software.
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39960288
I agree with the other experts, but if you really want to do it at the switch level you can use VLAN access-maps...

http://blog.ine.com/2009/08/10/vlan-access-control-lists-vacls-tiers-1/

You might find that your version of IOS doesn't support VLAN access-maps though, but the feature is supported on the 2950.

This will put unnecessary pressure on the switch as every single packet will need to be inspected to see where it needs to go, so it should be a last resort.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco 2960 PACL 9 109
2960 and a VLAN id of 1237 2 66
Patch panel 7 49
2960 not recognizing subinterface configuraton of 5510 11 31
The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question