  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 237

How to block incoming traffic to my switch

Hi,

Lately I have this problem where whenever my PCs connect to the LAN I get a virus.

I would like to block all the traffic except the specific server traffic I need for the PCs to access.

Does anyone know how this can be done with a Cisco Catalyst 2950?

I have tried access-list 1 deny 192.168.1.1 but when I try to ping from the PC I can still access the host IP 192.168.1.1.


Please help
0
Asked by: tankergoblin
1 Solution
 
Alex Green (3rd Line Server Support) commented:
Rather than blocking all traffic, which is essentially what you will do, have you considered upgrading your AV software so it actually works?
0
 
lruiz52 commented:
Post your sanitized switch config. I agree with Alex, check your AV software.
0
 
Craig Beck commented:
I agree with the other experts, but if you really want to do it at the switch level you can use VLAN access-maps...

http://blog.ine.com/2009/08/10/vlan-access-control-lists-vacls-tiers-1/

You might find that your version of IOS doesn't support VLAN access-maps though, but the feature is supported on the 2950.

This will put unnecessary pressure on the switch as every single packet will need to be inspected to see where it needs to go, so it should be a last resort.
0
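
What the VLAN access-map approach from the last answer could look like for "only traffic to and from one server" (an added example, not configuration posted by anyone in this thread). It assumes an IOS image that accepts the vlan access-map and vlan filter commands, PCs in VLAN 1, and a server at 192.168.1.10; the ACL name, map name and server address are constructed.

```cisco
! Constructed example: VLAN 1 holds the PCs, 192.168.1.10 is the one server
! they are allowed to reach. Names and addresses are placeholders.
!
! Extended ACL naming the traffic to allow. Both directions are listed because
! a VLAN map is checked against every packet in the VLAN, replies included.
ip access-list extended PC-SERVER-ONLY
 permit ip any host 192.168.1.10
 permit ip host 192.168.1.10 any
!
! VLAN access-map: forward what the ACL permits.
! On platforms documented for VLAN maps (Catalyst 3560/3750), IP packets that
! match no entry are dropped because the map contains an IP match clause,
! while non-IP frames such as ARP are still forwarded because the map
! contains no MAC match clause.
vlan access-map LAN-LOCKDOWN 10
 match ip address PC-SERVER-ONLY
 action forward
!
! An ACL or map filters nothing until it is applied somewhere.
! This binds the map to VLAN 1.
vlan filter LAN-LOCKDOWN vlan-list 1
```

Check the result with show vlan access-map and show vlan filter. Apply it from the console, because a switch management address in the same VLAN is filtered by the map as well.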
