RE: 6500 Access-lists

From: de Witt, Duane (duane.dewitt@siemens.com)
Date: Thu Jan 26 2006 - 15:45:38 GMT-3


Cool, thanks guys.

So if I wanted to limit traffic from VLAN 10 into VLAN 1 to TCP 1433 and UDP 1434, I would put the following access-list outbound:

access-list 100 permit tcp 192.168.18.0 0.0.0.255 host 10.2.4.160 eq 1433
access-list 100 permit udp 192.168.18.0 0.0.0.255 host 10.2.4.160 eq 1434

This will allow subnet 192.168.18.0/24 to access host 10.2.4.160 on the specified ports?

Regards
Duane de Witt
Consulting Systems Engineer
CCIE # 15715
 
____________________________________________
SIEMENS Siemens Business Services
        Siemens Service Center

126 14th Road
Erand Gardens
Midrand
South Africa
 
I +27 11 5452555
H +27 83 4452768
J +27 11 5415219
* duane.dewitt@siemens.com

-----Original Message-----
From: Jeremy O'Dette [mailto:jeremyodette@hotmail.com]
Sent: 26 January 2006 07:54 PM
To: Sheikh.Rahman@uk.didata.com; de Witt, Duane; ccielab@groupstudy.com
Subject: RE: 6500 Access-lists

One word of caution - double check your ACLs with the "log" option or a
sniffer once you configure them:
We had a pair of 6500s (running hybrid 8.3/12.1(13)) in my office that were
set up for inter-VLAN routing. I added a few extended ACLs to the SVIs on
the MSFCs and I noticed the ACLs weren't filtering traffic the way they
were supposed to (letting denied traffic into an SVI but blocking the
return path even though the ACL wasn't performing any egress filtering). I
always assumed applying an extended ACL to a 6500 SVI should behave the same
as if you put the same ACL on the physical interface of any other IOS box.

After talking the issue over with TAC, some of the older IOS versions don't
appear to handle filtering properly. You probably won't have any issues, but
I'd double check that the ACLs are blocking everything they're supposed to be
blocking.

Jeremy O'Dette
CCIE #14973
jeremyodette@hotmail.com

>From: "Sheikh Rahman" <Sheikh.Rahman@uk.didata.com>
>Reply-To: "Sheikh Rahman" <Sheikh.Rahman@uk.didata.com>
>To: "de Witt, Duane" <duane.dewitt@siemens.com>, <ccielab@groupstudy.com>
>Subject: RE: 6500 Access-lists
>Date: Thu, 26 Jan 2006 16:31:46 -0000
>
>Configure the ACL on the MSFC and then apply it to the VLAN interfaces. All of it has to
>be done on the MSFC, nothing on the Sup card.
>
>HTH
>
>Sheiky
>
>
> -----Original Message-----
> From: nobody@groupstudy.com on behalf of de Witt, Duane
> Sent: Thu 26/01/2006 16:14
> To: ccielab@groupstudy.com
> Cc:
> Subject: 6500 Access-lists
>
>
>
> Hi All
>
>
>
> Quick question: I need to configure inter-VLAN routing with access-lists
> between two VLANs. On a 3550 this would be a piece of cake. I've got a
> 6500 with CatOS and IOS on the MSFC. How would I go about doing this?
>
>
>
> Regards
>
> Duane de Witt
>
> Consulting Systems Engineer
>
> CCIE # 15715
>
>
>
> ____________________________________________
> SIEMENS Siemens Business Services
> Siemens Service Center
>
> 126 14th Road
>
> Erand Gardens
>
> Midrand
>
> South Africa
>
>
>
> * +27 11 5452555
> * +27 83 4452768
> * +27 11 5415219
> * duane.dewitt@siemens.com <mailto:duane.dewitt@siemens.com>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
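The thread's two entries for ACL 100, and Jeremy's advice to verify what an ACL actually blocks, can be reasoned about before touching the box. The following is an added example written for this archive page, not code from any of the posters or from Cisco: a small Python model of how an IOS numbered extended ACL evaluates a packet (entries tried top to bottom, first match wins, implicit deny at the end, wildcard masks where a 1 bit means "don't care"). The address and port values are the ones in Duane's post; the flow names, the `Ace`/`Packet` classes, the `verify_acl_100` helper and the sample hosts 192.168.18.25, 192.168.19.25 and 10.2.4.161 are constructed for the example. The trailing `log` keyword is parsed and recorded but the model does not emulate syslog output.

```python
"""Model of IOS extended ACL evaluation (added example; not from the thread).

Assumed semantics, matching standard IOS behaviour: first match wins, an
unmatched packet hits the implicit 'deny ip any any', and wildcard masks
are inverse masks (0 bits must match, 1 bits are ignored). Entries are
stateless: nothing here tracks a reply to a permitted flow.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Ace:
    """One access-control entry from a numbered extended ACL."""
    action: str                     # 'permit' or 'deny'
    proto: str                      # 'ip', 'tcp' or 'udp'
    src: str                        # source network or host address
    src_wild: str                   # source wildcard mask (1 bits = don't care)
    dst: str
    dst_wild: str
    dst_port: Optional[int] = None  # destination 'eq' port; None matches any port
    log: bool = False               # trailing 'log' keyword present


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def wildcard_match(addr: str, base: str, wild: str) -> bool:
    """True if addr agrees with base on every bit that is 0 in the wildcard mask."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wild))
    care = ~w & 0xFFFFFFFF          # bits the entry actually compares
    return (a & care) == (b & care)


def _parse_addr(tok: List[str], i: int) -> Tuple[str, str, int]:
    """Consume 'host A', 'any' or 'A WILDCARD' at tok[i]; return (addr, wildcard, next index)."""
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    return tok[i], tok[i + 1], i + 2


def parse_ace(line: str) -> Ace:
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT] [log]' (the subset used in the thread)."""
    tok = line.strip().lower().split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACE: {line!r}")
    action, proto = tok[2], tok[3]
    src, src_wild, i = _parse_addr(tok, 4)
    dst, dst_wild, i = _parse_addr(tok, i)
    port = None
    if i < len(tok) and tok[i] == "eq":
        port = int(tok[i + 1])
        i += 2
    log = i < len(tok) and tok[i] == "log"
    return Ace(action, proto, src, src_wild, dst, dst_wild, port, log)


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First-match evaluation. Returns (action, index of the matching entry),
    or ('deny', None) when only the implicit deny at the end applies."""
    for idx, ace in enumerate(acl):
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if not wildcard_match(pkt.src, ace.src, ace.src_wild):
            continue
        if not wildcard_match(pkt.dst, ace.dst, ace.dst_wild):
            continue
        if ace.dst_port is not None and ace.dst_port != pkt.dst_port:
            continue
        return ace.action, idx
    return "deny", None


# The two entries posted in the thread (constructed input for this example).
ACL_100_TEXT = """
access-list 100 permit tcp 192.168.18.0 0.0.0.255 host 10.2.4.160 eq 1433
access-list 100 permit udp 192.168.18.0 0.0.0.255 host 10.2.4.160 eq 1434
"""
ACL_100 = [parse_ace(l) for l in ACL_100_TEXT.splitlines() if l.strip()]


def verify_acl_100() -> dict:
    """Flows worth checking before trusting the ACL; sample hosts are constructed."""
    flows = {
        "sql_tcp_from_vlan10":     Packet("tcp", "192.168.18.25", "10.2.4.160", 1433),
        "browser_udp_from_vlan10": Packet("udp", "192.168.18.25", "10.2.4.160", 1434),
        "wrong_proto_tcp_1434":    Packet("tcp", "192.168.18.25", "10.2.4.160", 1434),
        "outside_source_subnet":   Packet("tcp", "192.168.19.25", "10.2.4.160", 1433),
        "other_host_in_vlan1":     Packet("tcp", "192.168.18.25", "10.2.4.161", 1433),
        # The server's reply: if this same ACL were applied in the reverse
        # direction it would drop the return traffic, since entries are stateless.
        "server_reply_to_vlan10":  Packet("tcp", "10.2.4.160", "192.168.18.25", 51234),
    }
    return {name: evaluate(ACL_100, pkt)[0] for name, pkt in flows.items()}


if __name__ == "__main__":
    for name, verdict in verify_acl_100().items():
        print(f"{name:26s} {verdict}")
```

Running the block prints one verdict per flow. The last row is the point Jeremy raises: an ACL with these two entries only describes the request direction, so the direction it is applied in (inbound on the VLAN 10 SVI or outbound on the VLAN 1 SVI) decides whether the SQL replies are ever examined by it, and any flow the model marks `deny` is one to confirm with `log` hits or a sniffer on the real switch.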



This archive was generated by hypermail 2.1.4 : Wed Feb 01 2006 - 07:45:50 GMT-3