• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 240
  • Last Modified:

How to block incoming traffic to my switch

HI,

lately i have this problem where when ever my pcs connect to the LAN i get virus.

I would like to block all the traffic accept the specific server traffic i need for the pcs to access.

any one know how this can be done with cisco catalyst 2950.

i have try access-list 1 deny 192.168.1.1 but when try to ping from the pc i still can access the host ip 192.168.1.1


pls help
0
tankergoblin
Asked:
tankergoblin
1 Solution
 
Alex Green3rd Line Server SupportCommented:
Rather than blocking all traffic which is essentially what you will do, have you considered upgrading your AV software so it actually works?
0
 
lruiz52Commented:
Post your sanitized switch config.   I agree with Alex, check your AV software.
0
 
Craig BeckCommented:
I agree with the other experts, but if you really want to do it at the switch level you can use VLAN access-maps...

http://blog.ine.com/2009/08/10/vlan-access-control-lists-vacls-tiers-1/

You might find that your version of IOS doesn't support VLAN access-maps though, but the feature is supported on the 2950.

This will put unnecessary pressure on the switch as every single packet will need to be inspected to see where it needs to go, so it should be a last resort.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now