Cisco Switches :: SF-300 Deny Access To From One Port To Other 4 Ports
Jul 20, 2011
I have 5 VLANs, I assign VLANs to its ports and make them all Untagged.I created ACLs and a ACE rules for each ACL, and then assigned to the ports.So what i am trying to do is to deny access to from one port to other 4 ports and granted access to any other ports. But it is not working, without last rule "allow any any" it has no access to any ports, with the last rule it grants access to every port even to those I denied.Router in Layer 3 mode, all VLANs have their IP's.
At some moment I was able to work it properly but without using any rules, I just tagged my untagged VLANs to those ports which I wanna get access to. As you can see I want allow ports GE1 - GE4 communicate with 1 to 24 ports but not to each other.
View 5 Replies
ADVERTISEMENT
Mar 25, 2012
I have a SG300 Switche working in layer 3 mode.I configured 3 VLANs on the switch, assigned all ports, given IP addresses to VLANs interfaces, etc.Now I want to implement ACL to permit or deny access between vlans and hosts.Can I apply an ACL to a whole VLAN (in or out) like Catalyst models?I mean apply the ACL to the entire vlan or the only way in this model is to implement that ACL port by port?Every time I have a new port configure to work in a Vlan I have to implement the ACL?
View 4 Replies
View Related
Jan 24, 2013
Recently our company purchased 3 Lynksys SGE2010p, At the moment they work as a stack but as we are implementing UCCX we need to mirror 15 ports but during the provisioning i've noticed that the limit is 8 ports per stack. I'm wondering whether this is a known issue or just a known limitation . I believe that most probably i'll need to move back to stand alone mode so i could configure 8 mirrored ports per switch.
View 2 Replies
View Related
Mar 6, 2013
I want to know if the SG300-28P can support 24 ports with 15,4w per port at the same time.
View 3 Replies
View Related
Sep 5, 2011
Does the ESW 520 24P Support Mirroring 20 Ports Traffic to 1 Destination Port?
View 3 Replies
View Related
Oct 7, 2012
I have a network with 3 segments and a 2921 router.v172.16.5.0/24, 172.16.0.0/27 and 172.16.2.0/23 .
I want to block all 135 TCP traffic from/to IP 172.16.5.5 to any host in other segment, but only TCP port 135 and only to the specified IP.
View 2 Replies
View Related
Aug 3, 2011
I just bought a SG200-18 in order to use LAG between a backup server and multiple computers and servers. Servers are supposed to all use 2 links and computers only 1.
As soon as I activate LAG on port 2 and 3, no matter what is connected on the switch I lose access to the switch interface (luckuly, it's still working on port 17 for a strange reason) and all computers / servers connected are randomly losing the network access. Everyrhing start to be slow but most servers and computers don't lose access to the internet. Browsing a web site will suddenly take ages but... it will work eventualy.
I already used LAG on other switch without a single issue.. The only uplink I have is to the router and I know that I don't have any issue with network cables....
So what am I doing wrong ??? I didn't even try to configure the TEAMING on the servers, just creating LAG on the switch will kill everything Oo.. I'm starting to think that my SG200 is dead out of the box.
View 4 Replies
View Related
Jun 8, 2012
i have Cisco L3 switch configured with diff vlan and assign diff subnet for all vlan . if i connect pc to vlan 2 i am able to ping host related to other vlan
View 5 Replies
View Related
Feb 14, 2013
Can i configure access ports into port channel on Nexus 7K switch.If possible then provide the complete configuration.....
View 2 Replies
View Related
Jun 22, 2012
I'm having some difficulties with the VLAN setup on the SG-200 and the WiFi access point. The access point (a TP-Link WA801N) is only able to access the internet when it is plugged into a port that is on the default VLAN (PVID 1). If I plug it into one of the other VLANs then any clients connected to the WiFi lose access to the internet and cannot access devices on the VLAN. I have previously used this setup with a first generation Cisco WAP4410N. [code]
View 4 Replies
View Related
May 28, 2013
I need developing a acl that can block a computer on the LAN from accessing the internet from midnight to 7am everyday. The router is a 857W, the computer is 192.168.2.33 the internal gw 192.168.2.254 (dialer 1 is 1.2.3.4).acl 101 deny tcp host 192.168.2.33 eq wwwwhat I need to figure out is how to add a time based acl to just this computer.
View 2 Replies
View Related
Jun 12, 2011
I have ACS 5.1.I have created the Identity Group 'Admin' and added 2 users in that, say User1 and User2.How do I permit only User1 to get authenticated when he logins in to the device?There is option to select 'UserName' while creating Service Access Policy , but I have observed that though I have mentioned only User1 in the rule, User2 is also getting permitted
View 1 Replies
View Related
Dec 5, 2011
We have a 3750 which has a few vlans configured. One Vlan is for public access wifi and another for our security system (door access, cameras, etc.). I don't want the public wifi vlan to access the security system vlan. How can I accomplish this in the 3750?
View 4 Replies
View Related
Apr 5, 2012
I have a 2801 router. Is there another way to deny access to a specify web site ( like youtube, facebook .. etc ) without create acl's with specifed ip's ? The router doesen't support url filtering. I thought to do something like redirect traffic to another site : for example if one client want to access url.. that the browser will open url...
View 4 Replies
View Related
Jul 5, 2012
Recently a router crashed and some suspicious about the client arised. The point is that now the order is to deny all kind of router admin access for the client. I was thinking, is this a good idea or will be better to give him limited access to the router, to avoid the client to try to access the router at all cost? Something like to stop the motivation to crack the router password.
View 7 Replies
View Related
Apr 1, 2013
Is it possible to deny all access except specific IP's to a service on a Dlink DIR-655 ?Say a web server on port 1234.The allowed IP's are not in a range.
View 1 Replies
View Related
Jun 29, 2011
I would like to know if exists some configuration using a WLC 4402 that deny network acces to smartphones but not to netbooks and laptops.
View 1 Replies
View Related
Jan 18, 2011
I set-up my law firm network with a server 2008 database. Now I am renting out one of my offices to a separate lawyer and I want him to be able to use my network to access the internet, but not my server 2008. Is that possible or is it already secure being I haven't installed any of my software on his computer?
View 2 Replies
View Related
Sep 18, 2012
How to protect shared folders to denie access from server???i am really in need of a software where i can share files on network but i don't want the system administrator to access those files.
View 1 Replies
View Related
Sep 9, 2012
I have block some website in URL Blocking.But they can access the website which i have blocked through proxy server? Can i deny user access proxy server? It has many proxy server,i can not block the proxy server one by one.
View 1 Replies
View Related
May 17, 2012
i have got the below long on the acs 5.2,one the vpn client user connect to asa 5510
Description
Selected Shell Profile is DenyAccess
Resolution Steps
Check whether the Device Administration Authorization Policy rules are correct
View 1 Replies
View Related
Oct 5, 2011
My network topology consists of 3 directly connected routers where the central router contains sensitive data and i need to block traffic from ENTERING the LAN adjoined to that router. My issue is creating an access list to DENY traffic from entering the network connected to Fa0/1 but ALLOW traffic to exit from that network. I am using one class C network which is subnetted 7 times to provide me with the required LAN's.
View 2 Replies
View Related
Feb 24, 2013
I connect to switch Access Point, configure port on switch which vlan work on this port. But after reboot AP my config for this port delete and have other config where vlan 1 untagged, and allow all other vlan. But in my cinfig allow 3vlan: untagged 100, and tagged 113, 999.
View 1 Replies
View Related
Sep 20, 2012
My home network is all Windows 7 computers (4 total), and are Ultimates except for my laptop, which is Home Pro. So that's 3 computers with Ultimate and 1 with home pro. I have one computer (also Win 7 Ult.) that's my primary computer, the other 2 computers are mostly HTPC computers that I have set up to stream from my main computer.I do know how to set up Home groups for sharing files, but I could only set it up that there would be full access to the shares or no access at all. [For simplicity: My primary computer will be PC-1, the 2 HTPC's will be PC-2 and PC-3, and my laptop PC-4.]PC-1 will host all the files I want access to. PC-2 and PC-3 will access my music and videos folders for streaming. PC-4 which is my own personal laptop will have full access to shared folders that I DO NOT want being able to be accessed on PC-2 and PC-3.I have tried many and various types of ways to deny access from PC-2 and PC-3, where PC-4 would be allowed access to on my PC-1, but every time it's either all PC's get access or NO access to the shared folders. I also want to keep all my user accounts as admins.
View 2 Replies
View Related
May 9, 2013
Region : UnitedKingdom
Model : TL-WDR4300
Hardware Version : V1
Firmware Version : 3.13.31 Build 130319 Rel.57876n
ISP : BT Infinity
I have 11 wireless devices connected to WDR4300. These are PCs, phones, tablets, PS3 etc. All devices have assigned DHCP addresses.I have read lots of faqs and searched the web, but still can not figure out a simple way to achieve the following:
I would like some of my devices have NO access to the Internet from 2200 to 0600.
View 1 Replies
View Related
Oct 31, 2012
I'm having troubles setting up a separate VLAN for wireless on a SG-200-26. My first question is why did Cisco not make the VLAN setup like they have all their other business class switches? Anyways, the Access and General modes on these SG class switches are throwing me for a loop.
Right now I just have one port (g10) on the SG-200 switch that needs to be in VLAN 6, which is our wireless VLAN. All other ports are in their default VLAN, which is 1.
Here's what I've done...
Configured port G1 (trunk to another switch) as the trunk port and Port G10 (attached to WAP) as a general port. All other ports stayed in their default configuration. This is what it looks like now...
Port Mode PVID Operational VLANs
g1 Trunk 1 1U, 6T
g2 Trunk 1 1U
[Code].....
I'm pretty sure port G1 is configured correctly, but I have no idea about what port g10 should look like. Common sense tells me it should be an Access port and assign it to VLAN 6, but apparently you cannot tag the traffic within an Access port on SG switches, which makes it useless because how will other switches recognize what VLAN the packets are in? So the next logical mode would be General mode, which I put in VLAN 6. I switched that port from being 6U (untagged) to 6T (tagged), but neither seemed to work.
VLANs on SG switches, how port g10 should be configured for VLAN 6 traffic.
View 4 Replies
View Related
Dec 13, 2011
how to access the CLI mode in cisco sf 302-08p 8-port 10/100 Managed switch. I treid the every method they mentioned in the Admininstration guide.I am not able to enter the command debug-mode and comand menu after resetting the default password. After logging in, its directly guiding me to switch main menu.
View 3 Replies
View Related
Jan 15, 2013
I recently bough for a home lab a sg300-10 switch. I have enabled layer 3 routing on it and have come across a puzzling issue. The switch is the default gw on this network, and in front of the switch there is a cable modem (ip route 0.0.0.0 0.0.0.0 192.168.0.7).
This is my config:
config-file-header
switch5ed948
v1.2.7.76 / R750_NIK_1_2_584_002
[Code].....
View 7 Replies
View Related
Apr 19, 2013
I am facing problem in configuration with SF-200-24P Switch . I am failed to configure two vlans on same access port i.e. data vlan and voice vlan. there is an option of auto voice vlan with vlan 1 and i changed to our voice vlan i.e. vlan 101 but didnt work. I tried many options. when i assign single vlan on each
access port it works . I have to configure like to work both data vlan and voice vlan with one access port. I worked on enterprise cisco switches its simple but on small business switch first time i am working.
View 1 Replies
View Related
Feb 15, 2012
I looking to buy SGE 2010 swith, but I have some question:
1. Can I use 4 SFP ports and stack of two switches at the same time.
2. Is it possible to use for stacking ports other than 24, 48?
3. What is maximum possible number of ports to use for stacking (can I get more than 1Gb thruput).
View 0 Replies
View Related
May 14, 2013
Is there a way to associate spare firewall ports with another port that is being used..For example...int gi 0/2 is being used currently for my web dmz. Its ip is 192.168.10.1..Is there a way for me to associate gi 0/3 with the same layer 2 as gi 0/2 ?
In my webdmz I use 2 ACE 4710 proxys in FT mode. I used a layer 2 switch to connect firewall and proxys together.
I would like to eliminate this switch if possible..and connect both 4710's (layer 2) direct to firewall.If I could make gi0/2 - 4 part of the same vlan, then I would be good to go.
View 2 Replies
View Related
Feb 2, 2012
One of techs accidentally connected two access ports from different switches together. Since then, LMS is alerting them as being Link ports down. I tried to default the config and set them to access ports without any success. what I should do in LMS to recognize them as access ports?
View 2 Replies
View Related
Apr 22, 2012
I've setup a site to site vpn on an ASA 5510 using ASDM (as I have many times before) and the tunnel appears to be up but I am not able to pass traffic. When I run the packet tracer from my inside network to the remote destination network, it shows that it is blocked by the implicit deny ip any any rule on my inside incoming access list.
View 5 Replies
View Related
